This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version
'2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication
token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that
UUID attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.
msf > use auxiliary/gather/coldfusion_pms_servlet_file_read
msf auxiliary(coldfusion_pms_servlet_file_read) > show actions
...actions...
msf auxiliary(coldfusion_pms_servlet_file_read) > set ACTION < action-name >
msf auxiliary(coldfusion_pms_servlet_file_read) > show options
...show and set options...
msf auxiliary(coldfusion_pms_servlet_file_read) > run