source: https://www.securityfocus.com/bid/15777/info

CF_Nuke is prone to a local file include vulnerability. This is due to a lack of sanitization of user-supplied input.

This may facilitate the unauthorized viewing of files and unauthorized execution of local ColdFusion code.

It should be noted that successful exploitation requires that "Sandbox Security" is not enabled for the directory.

CF_Nuke 4.6 and prior versions are reported to be vulnerable; other versions may also be affected.

http://www.example.com/index.cfm?sector=../local file

http://www.example.com/index.cfm?sector=quotes&page=../local file
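
Requests of the two forms above can be found in web server access logs by decoding the `sector` and `page` parameters of `index.cfm` and checking for directory traversal sequences. The following Python code is an added example, not part of the original advisory or of CF_Nuke; the combined log format, the sample lines, and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED_PARAMS = {"sector", "page"}  # parameters in the advisory's requests
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")  # "../" or "..\" after decoding

# Constructed sample access-log lines (combined format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Dec/2005:10:01:22 +0000] "GET /index.cfm?sector=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Dec/2005:10:02:03 +0000] "GET /index.cfm?sector=..%2Fplaceholder.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [12/Dec/2005:10:02:09 +0000] "GET /index.cfm?sector=quotes&page=%252e%252e%255cplaceholder.txt HTTP/1.1" 200 640',
    '192.0.2.10 - - [12/Dec/2005:10:03:41 +0000] "GET /about.cfm?page=../placeholder.txt HTTP/1.1" 404 0',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are also caught."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for traversal attempts in one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/index.cfm"):
        return []  # only the script named in the advisory is watched
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl has already decoded once
        if name.lower() in WATCHED_PARAMS and TRAVERSAL_RE.search(decoded):
            hits.append((name.lower(), decoded))
    return hits


def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in results if hits]


if __name__ == "__main__":
    for line_number, hits in scan(SAMPLE_LOG):
        print(line_number, hits)
```

A hit shows that a traversal sequence reached the application, not that a file was actually included; correlate with the response status and size before treating it as a confirmed incident.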