header-logo
Suggest Exploit
vendor:
CF_Nuke
by:
Unknown
5.5
CVSS
MEDIUM
Local File Include
22
CWE
Product Name: CF_Nuke
Affected Version From: 4.6
Affected Version To: 4.6
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

CF_Nuke Local File Include Vulnerability

CF_Nuke is prone to a local file include vulnerability. This is due to a lack of sanitization of user-supplied input. This may facilitate the unauthorized viewing of files and unauthorized execution of local ColdFusion code. It should be noted that successful exploitation requires that "Sandbox Security" is not enabled for the directory.

Mitigation:

Enable "Sandbox Security" for the directory, sanitize user-supplied input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15777/info

CF_Nuke is prone to a local file include vulnerability. This is due to a lack of sanitization of user-supplied input.

This may facilitate the unauthorized viewing of files and unauthorized execution of local ColdFusion code.

It should be noted that successful exploitation requires that "Sandbox Security" is not enabled for the directory.

CF_Nuke 4.6 and prior versions are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/index.cfm?sector=../local file

http://www.example.com/index.cfm?sector=quotes&page=../local file

Navigation

Suggest Exploit

Services By CQR