Short Name |
HTTP:MISC:ADOBE-UPLOAD |
---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Adobe ColdFusion CKEditor Unrestricted File Upload |
Release Date |
2018/11/27 |
Update Number |
3120 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
An unrestricted file upload vulnerability has been reported in the CKEditor component of Adobe ColdFusion. Successful exploitation results in the execution of the malicious file on the server.
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.