1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe ColdFusion Unrestricted File Upload Vulnerability

Known Exploited Vulnerabilities CVE-2018-15961

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2018-15961 Adobe ColdFusion Unrestricted File Upload Vulnerability primary_impact T1491.002 External Defacement
Comments
In the wild, this CVE was seen to result in defacement.
References
  1. https://www.volexity.com/blog/2018/11/08/active-exploitation-of-newly-patched-coldfusion-vulnerability-cve-2018-15961/
  2. https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html
CVE-2018-15961 Adobe ColdFusion Unrestricted File Upload Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability is exploited by uploading a file to a public-facing ColdFusion server.
References
  1. https://www.volexity.com/blog/2018/11/08/active-exploitation-of-newly-patched-coldfusion-vulnerability-cve-2018-15961/
  2. https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html