This Metasploit module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version 2023 Update 6 and 2021 Update 12. The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that UUID attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.
e89b9c55f15b5bbc361d35004fa9ae593f647615c4b1b4703a7b67d828ea9ff3Jenkins versions 2.441 and LTS 2.426.3 arbitrary file read scanner.
0a161df23c6bac97a5923092b79fd307c231d11a8c0ec701df49569cfd362dfc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed