Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ColdFusion漏洞
Vulnerability Description
运行于Windows的ColdFusion 4.5和5版本设置先进安全沙箱类型为"operating system",不能在(1)与<CFEXECUTE>一起的创建子进程和(2)与<CFOBJECT>一起执行或以CFX扩展名结束的子进程调用CreateProcess函数通过安全环境。攻击者可以利用该漏洞执行带有系统账户许可的程序。
CVSS Information
N/A
Vulnerability Type
N/A