Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and previous versions, and Update 14 and previous versions have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Adobe has released out-of-band security updates to address a critical vulnerability impacting ColdFusion versions 2021, 2016, and 2018.
Today's emergency updates patch an arbitrary code execution security flaw caused by an
Adobe released ColdFusion 2016 Update 17, ColdFusion 2018 Update 11, and ColdFusion 2021 Update 1 to patch the vulnerability and said that all versions before these patches are vulnerable to attacks.
An Adobe ColdFusion vulnerability, patched two months ago, was being exploited in the wild by a China-linked APT group, researchers found.
The vulnerability, CVE-2018-15961, is a critical unrestricted file upload bug that could also lead to arbitrary code execution, researchers at Volexity, who discovered the exploitation, said on Thursday.
“Volexity recently observed active exploitation of a newly patched vulnerability in Adobe ColdFusion, for which no public details or proof-of-c...