Vulnerability Details CVE-2018-15961
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
Proposed Action
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/105314
- http://www.securitytracker.com/id/1041621
- https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
- https://www.exploit-db.com/exploits/45979/
- http://www.securityfocus.com/bid/105314
- http://www.securitytracker.com/id/1041621
- https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
- https://www.exploit-db.com/exploits/45979/
Products affected by CVE-2018-15961
-
cpe:2.3:a:adobe:coldfusion:11.0
-
cpe:2.3:a:adobe:coldfusion:2016
-
cpe:2.3:a:adobe:coldfusion:2018