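# ColdFusion 2023/2021 unauthenticated monitor UUID leak leading to arbitrary file read/write vulnerability
## Vulnerability overview
Certain versions of ColdFusion contain an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker can use this vulnerability to access or modify restricted files.
## Affected versions
- 2023.6
- 2021.12 and earlier
## Details
An attacker can exploit this vulnerability without user interaction. However, exploitation requires the ColdFusion administration panel to be exposed to the internet.
## Impact
- An attacker can access or modify restricted files.
- Exploitation requires no user interaction, but it does require the ColdFusion administration panel to be exposed to the internet.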

| # | POC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Exploit for CVE-2024-20767 - Adobe ColdFusion | https://github.com/yoryio/CVE-2024-20767 | POC details |
| 2 | Proof of Concept for CVE-2024-20767. Arbitrary file read from Adobe ColdFusion | https://github.com/m-cetin/CVE-2024-20767 | POC details |
| 3 | Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability | https://github.com/Chocapikk/CVE-2024-20767 | POC details |
| 4 | None | https://github.com/huyqa/cve-2024-20767 | POC details |
| 5 | Exploit for CVE-2024-20767 affecting Adobe ColdFusion | https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion | POC details |
| 6 | ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-20767.yaml | POC details |
| 7 | None | https://github.com/alm6no5/CVE-2024-20767 | POC details |