- CVEs with nessus.description==The version of Adobe ColdFusion running on the remote host is affected by a directory traversal vulnerability in the administrative web interface. Input to the 'locale' parameter of multiple pages is not properly sanitized.
A remote, unauthenticated attacker can exploit this by sending specially crafted HTTP requests, allowing them to download arbitrary files from the system.
An attacker could use this to download the ColdFusion password file (which contains the admin password), thereby gaining access to the administrative web interface. Authenticated administrative access can result in arbitrary code execution.
| Max CVSS | 0 |
| Min CVSS | 0 |
| Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |