漏洞描述
Adobe ColdFusion是美国奥多比(Adobe)公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe ColdFusion 2023.12、2021.18、2025.0及之前版本存在操作系统命令注入漏洞,该漏洞源于未中和特殊元素,可能导致OS命令注入。
Adobe ColdFusion 操作系统命令注入漏洞
PoC代码
暂无相关漏洞推荐
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- POC CVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POC CVE-2023-26347: Adobe Coldfusion - Authentication Bypass
- POC CVE-2023-26360: Adobe ColdFusion - Local File Read
- POC CVE-2023-29298: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
- POC CVE-2023-38203: Adobe ColdFusion - Deserialization of Untrusted Data
- POC CVE-2023-38205: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-44352: Adobe Coldfusion - Cross-Site Scripting
- POC CVE-2023-44353: Adobe ColdFusion WDDX Deserialization Gadgets