module
Adobe ColdFusion Unauthenticated Arbitrary File Read
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
This module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe
ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read
an arbitrary file from the server.
To run this module you must provide a valid ColdFusion Component (CFC) endpoint via the CFC_ENDPOINT option,
and a valid remote method name from that endpoint via the CFC_METHOD option. By default an endpoint in the
ColdFusion Administrator (CFIDE) is provided. If the CFIDE is not accessible you will need to choose a
different CFC endpoint, method and parameters.
ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to read
an arbitrary file from the server.
To run this module you must provide a valid ColdFusion Component (CFC) endpoint via the CFC_ENDPOINT option,
and a valid remote method name from that endpoint via the CFC_METHOD option. By default an endpoint in the
ColdFusion Administrator (CFIDE) is provided. If the CFIDE is not accessible you will need to choose a
different CFC endpoint, method and parameters.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.