Adobe ColdFusion Multiple Vulnerabilities-03 May-2014

Summary
This host is running Adobe ColdFusion and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to disclose the contents of arbitrary files on the system and execute arbitrary code. Impact Level: System/Application
Solution
Apply the patch from below link, http://www.adobe.com/support/security/bulletins/apsb13-03.html
Insight
Multiple flaws are due to, - The CFIDE/componentutils/cfcexplorer.cfc script not properly sanitizing user input, specifically directory traversal attacks supplied via the 'path' parameter when 'method' is set to: 'getcfcinhtml' and 'name' is set to 'CFIDE.adminapi.administrator'. - The 'ScheduledURL' variable allows specifying an arbitrary resource to save to system as specified by the 'publish_file' variable and then schedule this task to be executed at a set time.
Affected
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10
Detection
Get the installed version of Adobe ColdFusion with the help of detect NVT and check the version is vulnerable or not.
References