Exploit for Adobe ColdFusion - Access Control Bypass (CVE-2023-38205)

Description:

An access control bypass vulnerability in Adobe ColdFusion 2023 Update 2 and below, 2021 Update 8 and below, and 2018 Update 18 and below allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to the ColdFusion Administrator.

Nuclei Template

View the template here: CVE-2023-38205.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-38205.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-38205
https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html
https://github.com/Ostorlab/KEV
https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/
https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors