漏洞描述
【漏洞对象】Adobe ColdFusion 【涉及版本】9,9.0.1,9.0.2 【漏洞描述】 Adobe ColdFusion8、9版本中存在一处目录穿越漏洞,可导致未授权的用户读取服务器任意文件。
Adobe ColdFusion-任意文件读取(CVE-2010-2861)
PoC代码
暂无相关漏洞推荐
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- POC CVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POC CVE-2023-26347: Adobe Coldfusion - Authentication Bypass
- POC CVE-2023-26360: Adobe ColdFusion - Local File Read
- POC CVE-2023-29298: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
- POC CVE-2023-38203: Adobe ColdFusion - Deserialization of Untrusted Data
- POC CVE-2023-38205: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-44352: Adobe Coldfusion - Cross-Site Scripting
- POC CVE-2023-44353: Adobe ColdFusion WDDX Deserialization Gadgets