Description

ColdFusion allows an unauthenticated user to upload arbitrary files. An attacker can exploit it to achieve remote code execution.

Remediation

Upgrade to the latest version of ColdFusion

References

APSB18-33

Active Exploitation of Newly Patched ColdFusion Vulnerability (CVE-2018-15961)

Related Vulnerabilities

WordPress Plugin WP Marketplace-Complete Shopping Cart/eCommerce Solution Arbitrary File Upload (1.2.1)

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

WordPress Plugin ReFlex Gallery Arbitrary File Upload (3.1.3)

WordPress Plugin Vertical SlideShow 'upload.php' Arbitrary File Upload (2.1)

WordPress Plugin WPshop-eCommerce Arbitrary File Upload (1.3.9.5)

Severity

High

Classification

CVE-2018-15961 CWE-434

Tags

Unauthenticated File Upload