Description
Lucee Server is a dynamic, Java-based (JSR-223) tag and scripting language used for rapid web application development.
Lucee Server versions older than 5.3.8.89 allow attackers to access authenticated CFM (ColdFusion Markup) files directly. This allows attackers to perform many actions that should require authentication while being completely unauthenticated.
The file imgProcess.cfm is affected by a path traversal vulnerability that allows an attacker to create a file anywhere on the server with attacker-controlled content. This can easily be escalated to RCE (Remote Code Execution) by creating malicious .cfm files, which the server will execute.
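The check that this class of bug is missing, as an added illustration that is not Lucee's code and not the actual imgProcess.cfm logic: a handler that writes a file named by the client must normalise that name, prove the result stays inside the intended directory, and refuse extensions the server would execute (such as .cfm). The upload directory, the parameter handling and the allowed-extension list are assumptions made for the example; the page does not state which request parameter imgProcess.cfm used. The vulnerable shape is shown next to the hardened one so the difference is visible.

```python
import posixpath
from typing import Optional, Tuple
from urllib.parse import unquote

# Assumed upload directory for the example; not Lucee's real layout.
UPLOAD_ROOT = "/srv/lucee/uploads"
# Only image types are legitimate for an image-processing endpoint.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}


def vulnerable_upload_path(requested: str, root: str = UPLOAD_ROOT) -> str:
    """The bug pattern: decode the client-supplied name and join it onto the
    upload directory with no containment or extension check.  ".." segments
    walk out of `root`, so the attacker chooses the final location."""
    return posixpath.normpath(posixpath.join(root, unquote(requested)))


def resolve_upload_path(requested: str, root: str = UPLOAD_ROOT) -> Tuple[Optional[str], str]:
    """Hardened version.  Returns (absolute path under root, "ok") when the
    request is acceptable, otherwise (None, reason).  POSIX path semantics are
    used throughout so the result does not depend on the host the example runs on."""
    decoded = unquote(requested)
    # A value that still changes on a second decode was double-encoded
    # (e.g. %252e%252e).  Some front ends decode twice, so refuse it.
    if unquote(decoded) != decoded:
        return None, "double-encoded"
    # NUL bytes can truncate the name in native code; backslashes are path
    # separators on Windows and are never legitimate in an image filename.
    if "\x00" in decoded or "\\" in decoded:
        return None, "forbidden character"
    # The client may choose a filename, never a directory: the name must be a
    # single path component.  This alone kills "../" traversal.
    if "/" in decoded or decoded in ("", ".", ".."):
        return None, "directory component"
    # Refuse anything the server would execute; this blocks the .cfm-based RCE
    # escalation even if the file lands in the web root for some other reason.
    _, ext = posixpath.splitext(decoded)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return None, "extension not allowed"
    # Defence in depth: normalise the joined path and prove it is still inside
    # root.  This is the invariant the original bug violated, so check it
    # explicitly rather than trusting the filters above.
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    if posixpath.commonpath([root, candidate]) != root:
        return None, "escapes upload root"
    return candidate, "ok"


if __name__ == "__main__":
    # Constructed request values, not captured traffic.
    for name in ("logo.png", "../../../../var/www/shell.cfm", "%252e%252e%2Fshell.cfm", "shell.cfm"):
        print(f"{name!r:40} vulnerable -> {vulnerable_upload_path(name)}")
        print(f"{'':40} hardened   -> {resolve_upload_path(name)}")
```

The single-component rule is deliberately stricter than a bare "contains no `..`" filter: rejecting any separator means the containment check at the end can only fail through a logic error, which is exactly the kind of redundancy you want around a file-write primitive.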
Remediation
Upgrade Lucee Server to version 5.3.8.89 or later (preferably the latest release) to fix this issue.
References
Related Vulnerabilities
WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)
WordPress Plugin WordPress Infinite Scroll-Ajax Load More Directory Traversal (5.5.4)
WordPress Plugin Booking Calendar Directory Traversal (7.0)
WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)