This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).
The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.
- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions
This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.
- Python 3.x
- Clone this repository.
- Install the required Python libraries:
pip install -r requirements.txt - Run the exploit script with necessary arguments:
python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>-u, --url: Target Adobe ColdFusion Server URL-o, --output: File to write vulnerable instances
python3 exploit.py -u https://example.com -o vulnerable.txtAdobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:
- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13
Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.
This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.
Stay safe and secure! π