Description
ColdFusion FlashGateway is vulnerable to deserialization attacks. An attacker could exploit this vulnerability using specially-crafted serialized data to execute arbitrary code on the system.
Remediation
Upgrade to the latest version of ColdFusion
References
Related Vulnerabilities
PrimeFaces 5.x Expression Language injection
Struts2/XWork remote command execution (S2-014)
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)