8.8
CVSSv3

CVE-2014-5468

Published: 07/02/2020 Updated: 11/02/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 725
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A File Inclusion vulnerability exists in Railo 4.2.1 and previous versions via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

getrailo railo

Exploits

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpServer def initialize(info = {}) sup ...

Metasploit Modules

Railo Remote File Include

This module exploits a remote file include vulnerability in Railo, tested against version 4.2.1. First, a call using a vulnerable <cffile> line in thumbnail.cfm allows an attacker to download an arbitrary PNG file. By appending a .cfm, and taking advantage of a directory traversal, an attacker can append cold fusion markup to the PNG file, and have it interpreted by the server. This is used to stage and execute a fully-fledged payload.

msf > use exploit/linux/http/railo_cfml_rfi
      msf exploit(railo_cfml_rfi) > show targets
            ...targets...
      msf exploit(railo_cfml_rfi) > set TARGET <target-id>
      msf exploit(railo_cfml_rfi) > show options
            ...show and set options...
      msf exploit(railo_cfml_rfi) > exploit