Exploit for Adobe ColdFusion - Pre-Auth Remote Code Execution (CVE-2023-29300)

Description:

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Nuclei Template

View the template here: CVE-2023-29300.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-29300.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-29300
https://blog.projectdiscovery.io/adobe-coldfusion-rce/
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/Ostorlab/KEV
https://github.com/XRSec/AWVS-Update