Strike ID:
E19-5m6w1
CVSS:
6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)
False Positive:
t
Variants:
1
Year:
2018

Description

This strike exploits a directory traversal vulnerability in Adobe ColdFusion CKEditor. The vulnerability is due to improper sanitization in the file upload.cfm. An attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. By successfully exploiting this vulnerability, a remote, unauthenticated attacker could upload arbitrary files to the target server.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}