漏洞描述
Adobe ColdFusion 的 /CFIDE/wizards/common/utils.cfc 组件存在权限绕过漏洞(CVE-2023-38205)。攻击者可通过构造特殊请求绕过身份验证机制,直接访问受限功能或敏感数据。该漏洞源于对用户输入验证不足,导致未授权操作可能被执行。
Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
PoC代码
暂无相关漏洞推荐
- POCCVE-2023-26360: Unauthenticated File Read Adobe ColdFusion
- POCCVE-2023-29300: Adobe ColdFusion 序列化漏洞
- POCCVE-2023-38204: Adobe ColdFusion 序列化漏洞
- POCCVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POCCVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POCCVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POCCVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POCCVE-2023-26347: Adobe Coldfusion - Authentication Bypass
- POCCVE-2023-26360: Adobe ColdFusion - Local File Read
- POCCVE-2023-29298: Adobe ColdFusion - Access Control Bypass
- POCCVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
- POCCVE-2023-38203: Adobe ColdFusion - Deserialization of Untrusted Data
- POCCVE-2023-38205: Adobe ColdFusion - Access Control Bypass