The Expression Evaluator in the ColdFusion Application Server allows a remote malicious user to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
allaire coldfusion server 2.0 |
||
allaire coldfusion server 3.0 |
||
allaire coldfusion server 3.01 |
||
allaire coldfusion server 3.11 |
||
allaire coldfusion server 3.12 |
||
allaire coldfusion server 4.0 |