Exploit for Adobe ColdFusion - Access Control Bypass (CVE-2023-29298)

Description:

An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.

Nuclei Template

View the template here: CVE-2023-29298.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-29298.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-29298
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
https://github.com/Ostorlab/KEV
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/
https://github.com/XRSec/AWVS-Update