Adobe ColdFusion is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Adobe ColdFusion 9.0.1 and prior are vulnerable.
Updates are available. Please see the references for more information.