Home

CVE-2019-7838

Description

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a file extension blacklist bypass vulnerability. Successful exploitation could lead to arbitrary code execution.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
30.353

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Coldfusion 10 2018Windows
Multiple Vulnerabilities are affected in Coldfusion 11 2018Windows
Multiple Vulnerabilities are affected in Coldfusion 9 2018Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234