CVE-2023-26360

Description

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-26360
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Adobe Systems Incorporated
Severity: HIGH
CVE ID: CVE-2023-26360
CVSS Score: 8.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-26360

Refrence: Project Discovery GitHub

yosef0x01

Exploit for Arbitrary File Read for CVE-2023-26360 - Adobe Coldfusion

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept