WEB APPLICATION VULNERABILITIES Standard & Premium

ColdFusion Arbitrary File Upload

Description

ColdFusion allows an unauthenticated user to upload arbitrary files. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of ColdFusion

References

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)

Related Vulnerabilities

WordPress Plugin wpcu3er 'ajaxReq.php' Arbitrary File Upload (0.55)

Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-36079)

WordPress Plugin SB Uploader Arbitrary File Upload (4.1)

WordPress Plugin Comments-wpDiscuz Arbitrary File Upload (7.0.4)

WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)

Severity

High

Classification

CVE-2018-15961 CWE-434 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Unauthenticated File Upload