漏洞描述
Adobe ColdFusion 的 /CFIDE/wizards/common/utils.cfc 组件存在权限绕过漏洞(CVE-2023-38205)。攻击者可通过构造特殊请求绕过身份验证机制,直接访问受限功能或敏感数据。该漏洞源于对用户输入验证不足,导致未授权操作可能被执行。
Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
PoC代码
暂无相关漏洞推荐
- Adobe Commerce/Magento SessionReaper /customer/address_file/upload 文件上传漏洞(CVE-2025-54236)
- (CVE-2025-54253)Adobe Experience Manager配置错误导致任意代码执行漏洞
- (CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过
- (CVE-2025-54249) Adobe Experience Manager SSRF漏洞导致安全功能绕过
- POC CVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2016-0957: Adobe AEM Dispatcher <4.15 - Rules Bypass
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2019-16469: Adobe Experience Manager - Expression Language Injection
- POC CVE-2019-8086: Adobe Experience Manager - XML External Entity Injection
- POC CVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POC CVE-2023-22232: Adobe Connect < 12.1.5 - Local File Disclosure
- POC CVE-2023-26347: Adobe Coldfusion - Authentication Bypass