Description
ColdFusion allows an unauthenticated user to upload arbitrary files. An attacker can exploit it to achieve remote code execution.
Remediation
Upgrade to the latest version of ColdFusion
References
Related Vulnerabilities
WordPress Plugin How to Create an App for Android iPhone Easytouch Arbitrary File Upload (3.0)
WordPress Plugin Enable Media Replace SQL Injection and Arbitrary File Upload Vulnerabilities (2.3)
WordPress Plugin User Meta 'uploader.php' Arbitrary File Upload (1.1.1)
Arbitrary local file read via file upload
WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)