CVE-2023-26360
Description
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
NVD
Severity: CRITICAL
CVE ID: CVE-2023-26360
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Adobe Systems Incorporated
Severity: HIGH
CVE ID: CVE-2023-26360
CVSS Score: 8.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2023-26360
Refrence: Project Discovery GitHub
yosef0x01
Exploit for Arbitrary File Read for CVE-2023-26360 - Adobe Coldfusion
Refrence: GitHub