漏洞描述
Adobe ColdFusion是一种用于构建动态Web应用程序的服务器端编程语言和开发平台。ColdFusion的主要目标是简化Web应用程序的开发过程,通过提供一个强大且易于使用的平台,使开发人员能够快速构建功能丰富的Web应用。攻击者可通过远程且未经过授权认证在服务器端读取任意文件,执行执行代码,写入后门,获取服务器权限,进而控制整个web服务器。
Adobe ColdFusion /filemanager/iedit.cfc 未授权访问漏洞 (CVE-2023-26360)
PoC代码
暂无相关漏洞推荐
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- POC CVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POC CVE-2023-26347: Adobe Coldfusion - Authentication Bypass
- POC CVE-2023-26360: Adobe ColdFusion - Local File Read
- POC CVE-2023-29298: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
- POC CVE-2023-38203: Adobe ColdFusion - Deserialization of Untrusted Data
- POC CVE-2023-38205: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-44352: Adobe Coldfusion - Cross-Site Scripting
- POC CVE-2023-44353: Adobe ColdFusion WDDX Deserialization Gadgets