.. / CVE-2023-38203

Exploit for Adobe ColdFusion - Deserialization of Untrusted Data (CVE-2023-38203)

Description:

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.

Nuclei Template

View the template here CVE-2023-38203.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-38203.yaml
Copy

References:

https://github.com/Ostorlab/KEV
https://nvd.nist.gov/vuln/detail/CVE-2023-38203
https://blog.projectdiscovery.io/adobe-coldfusion-rce/