CVE-2024-20767

CVE-2024-20767 - Arbitrary file system read using an Improper Access Control vulnerability in Adobe ColdFusion

Please refer to ma4ter blogpost for more information: Adobe ColdFusion任意文件读取漏洞CVE-2024-20767分析

Products and Versions affected:

Product	Affected Versions
ColdFusion 2023	Update 6 and earlier versions
ColdFusion 2021	Update 12 and earlier versions

CVSS: 8.2
Actively Exploited: NO
Patch: YES
Mitigation: NO

Lab

You can deploy a ColdFusion server with a Free Trial from Adobe:

Download ColdFusion

Help

usage: CVE-2024-20767.py [-h] -t TARGET [-p PORT] -c COMMAND

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target Adobe ColdFusion Server URL
  -p PORT, --port PORT  Target Adobe ColdFusion Server Port, by default we use the 8500 Port
  -c COMMAND, --command COMMAND
                        Path to read file

Example:

python CVE-2024-20767.py -t http://192.168.124.203 -p 8500 -c Windows/ServerStandardEval.xml

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
CVE-2024-20767.py		CVE-2024-20767.py
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2024-20767

CVE-2024-20767 - Arbitrary file system read using an Improper Access Control vulnerability in Adobe ColdFusion

Lab

Help

References

About

Releases

Packages

Languages

yoryio/CVE-2024-20767

Folders and files

Latest commit

History

Repository files navigation

CVE-2024-20767

CVE-2024-20767 - Arbitrary file system read using an Improper Access Control vulnerability in Adobe ColdFusion

Lab

Help

References

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages