A File Inclusion vulnerability exists in Railo 4.2.1 and previous versions via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
getrailo railo |