CVE-2024-20767
Description
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
Adobe Systems Incorporated
Severity: HIGH
CVE ID: CVE-2024-20767
CVSS Score: 8.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Proof Of Concept
Nuclei Templates for CVE-2024-20767
Refrence: Project Discovery GitHub
yoryio
Exploit for CVE-2024-20767 - Adobe ColdFusion
Refrence: GitHub
m-cetin
Proof of Concept for CVE-2024-20767. Arbitrary file read from Adobe ColdFusion
Refrence: GitHub
Chocapikk
Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability
Refrence: GitHub
huyqa
Refrence: GitHub
Praison001
Exploit for CVE-2024-20767 affecting Adobe ColdFusion
Refrence: GitHub