Adobe ColdFusion File Upload (APSB18-33) (CVE-2018-15961)
Critical Nessus Plugin ID 130263
SynopsisThe remote web server contains an application that is affected by an arbitrary file upload vulnerability.
DescriptionAn arbitrary file upload vulnerability exists in Adobe ColdFusion due to insufficient validation in the filemanager plugin. An unauthenticated, remote attacker can exploit this, via a specially crafted POST request, to upload arbitrary files on the remote host.
SolutionUpgrade to Adobe ColdFusion 11 Update 15, 2016 Update 7, or 2018 Update 1 or later