Exploit for Unauthenticated File Read in Adobe ColdFusion (CVE-2023-26360)

Description:

Unauthenticated arbitrary file read vulnerability caused by deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier, as well as ColdFusion 2018 Update 15 and earlier.

Nuclei Template

View the template here: CVE-2023-26360.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-26360.yaml

References:

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
https://nvd.nist.gov/vuln/detail/CVE-2023-26360
https://github.com/Ostorlab/KEV
http://packetstormsecurity.com/files/172079/Adobe-ColdFusion-Unauthenticated-Remote-Code-Execution.html
https://attackerkb.com/topics/F36ClHTTIQ/cve-2023-26360/rapid7-analysis