Main Vulnerability Database Exploits ID:9017 - Exploit for Improper access control in ColdFusion - CVE-2023-26360

ID:9017 - Exploit for Improper access control in ColdFusion - CVE-2023-26360

Published: April 28, 2023

Vulnerability identifier: #VU73597

Vulnerability risk: High

CVE-ID: CVE-2023-26360

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
ColdFusion

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/multi/http/adobe_coldfusion_rce_cve_2023_26360

Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.

Note, the vulnerability is being actively exploited in the wild.

Remediation

Install updates from vendor's website.

ID:9017 - Exploit for Improper access control in ColdFusion - CVE-2023-26360

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human