A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), and ColdFusion 2018 (July 12 release) allows unauthenticated remote attackers to upload and execute JSP files through the filemanager plugin.
Recent assessments:
jrobles-r7 at May 09, 2019 5:57pm UTC reported:
Description/Details copy/pasta from Metasploit module documentation.
A file upload vulnerability in the CKEditor of Adobe ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), and ColdFusion 2018 (July 12 release) allows unauthenticated remote attackers to upload and execute JSP files through the filemanager plugin.
Assessed Attacker Value: 4
Assessed Attacker Value: 4Assessed Attacker Value: 3