CVE-2023-26360
Adobe ColdFusion Improper Access Control Arbitrary code execution
In short
Adobe ColdFusion has a flaw that allows attackers to run malicious code on affected servers without needing to trick users or log in first. This is a serious issue because it puts websites and their data at risk.
Technical detail
An improper access control vulnerability in Adobe ColdFusion 2018 Update 15 and earlier, and 2021 Update 5 and earlier, permits unauthenticated remote code execution in the context of the application user. The vulnerability requires no user interaction and can be exploited directly against vulnerable instances exposed to network access.
Summary generated and translated by AI from the official description.
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
Adobe · ColdFusion
public PoCs found — 7
github: github.com/jakabakos/CVE-2023-26360-adobe-coldfusion-rce-exploit ★ 5
github: github.com/yosef0x01/CVE-2023-26360 ★ 5
github: github.com/CuriousLearnerDev/ColdFusion_EXp ★ 1
github: github.com/H3rm1tR3b0rn/CVE-2023-26360-RCE ★ 1
github: github.com/joaoaugustom/Adobe_ColdFusion_RCE_Unauthenticated ★ 0
github: github.com/RyanRodrigues880/CVE-2023-26360 ★ 0
cve_reference: packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.