漏洞描述
Adobe ColdFusion 版本2023.5 (及更早版本)和2021.11(及更早版本)存在不正确的访问控制漏洞,可能导致安全功能被绕过。未经身份验证的攻击者可以利用此漏洞访问管理CFM和CFC端点。利用此问题不需要用户交互。
Adobe Coldfusion绕过身份验证(CVE-2023-26347)
PoC代码
暂无相关漏洞推荐
- Adobe ColdFusion /hax/..CFIDE/wizards/common/utils.cfc 权限绕过漏洞(CVE-2023-38205)
- POC CVE-2009-1872: Adobe Coldfusion <=8.0.1 - Cross-Site Scripting
- POC CVE-2010-2861: Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
- POC CVE-2018-15961: Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
- POC CVE-2021-21087: Adobe ColdFusion - Cross-Site Scripting
- POC CVE-2023-26347: Adobe Coldfusion - Authentication Bypass
- POC CVE-2023-26360: Adobe ColdFusion - Local File Read
- POC CVE-2023-29298: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
- POC CVE-2023-38203: Adobe ColdFusion - Deserialization of Untrusted Data
- POC CVE-2023-38205: Adobe ColdFusion - Access Control Bypass
- POC CVE-2023-44352: Adobe Coldfusion - Cross-Site Scripting
- POC CVE-2023-44353: Adobe ColdFusion WDDX Deserialization Gadgets