Description
ColdFusion allows an unauthenticated user to connect to any LDAP server. An attacker can exploit it to achieve remote code execution.
Remediation
Upgrade to the latest version of ColdFusion.
References
Related Vulnerabilities
WordPress Plugin Feedify Remote Code Execution (2.0.0)
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)
Joomla! JCE arbitrary file upload
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)