CVE-2018-15961

CVSSv4: NA | CVSSv3: 9.8 | CVSSv2: 10 | VMScore: 1000 | EPSS: 0.94396 | KEV: Exploitation Reported
Published: 25/09/2018 Updated: 13/02/2025

Vulnerability Summary

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Vulnerable Product

adobe coldfusion

adobe coldfusion 11.0

adobe coldfusion 2016

adobe coldfusion 2018

Exploits

Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability ...

Github Repositories

cve-2018-15961

CVE-2018-15961. This is part of Cved: a tool to manage vulnerable docker containers. Cved: github.com/git-rep-src/cved Image source: github.com/cved-sources/cve-2018-15961 Image author: bintray.com/eaps/coldfusion/cf%3Acoldfusion/201800

Web-Coldfusion-Vulnerability-POC. PT-BR PAPER. In this paper I will show how to exploit CVE-2018-15961 and CVE-2017-3066. ColdFusion web server endpoints: cfc, cfm, cfml and others. First CVE: CVE-2018-15961. Entrypoint: /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm Reference exploit: github.com/xbufu/CVE-2018-159

Unrestricted file upload in Adobe ColdFusion

CVE-2018-15961 Unrestricted file upload in Adobe ColdFusion POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm HTTP/1.1 Host: coldfusion:port User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36 Content-Type: multipart/form-data; boundary=---------------------------24464570528145 Content-Leng

Exploit for CVE-2018-15961, an unrestricted file upload vulnerability in Adobe ColdFusion 2018 leading to RCE

CVE-2018-15961 - Adobe ColdFusion 2018 RCE. This repository contains my exploit code for the RCE vulnerability in Adobe ColdFusion 2018. Exploit Description: The exploit sends a POST request containing a JSP reverse shell to /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm. If successful, this uploads the shell to /cf_scripts/scripts/ajax/ckeditor/plugins/fileman

CVE-2018-15961 — ᴀᴅᴏʙᴇ ᴄᴏʟᴅғᴜsɪᴏɴ (ʀᴄᴇ)

CVE-2018-15961 - Adobe ColdFusion RCE. This repository contains my exploit code for the RCE vulnerability in Adobe ColdFusion 2021. Exploit Description: The exploit sends a POST request containing a JSP reverse shell to /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm. If successful, this uploads the shell to /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/