GobyVuls/Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md

## Adobe ColdFusion WDDX C3P0 remote code execution vulnerability

|   **Vulnerability**  | **Adobe ColdFusion WDDX C3P0 remote code execution vulnerability**  |
| :----:   | :-----|
|  **Chinese name**  | Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [body="/cfajax/" \|\| header="CFTOKEN" \|\| banner="CFTOKEN" \|\| body="ColdFusion.Ajax" \|\| body="<cfscript>" \|\| server="ColdFusion" \|\| title="ColdFusion" \|\| (body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
| **Number of assets affected**  | 567468 |
| **Description**  | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
| **Impact** | The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |
Create Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md 2023-09-05 14:32:47 +08:00			`## Adobe ColdFusion WDDX C3P0 remote code execution vulnerability`

			`\| Vulnerability \| Adobe ColdFusion WDDX C3P0 remote code execution vulnerability \|`
			`\| :----: \| :-----\|`
			`\| Chinese name \| Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 \|`
			`\| CVSS core \| 9.8 \|`
Update Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md 2023-09-07 22:42:11 +08:00			\| FOFA Query (click to view the results directly)\| [body="/cfajax/" \\|\\| header="CFTOKEN" \\|\\| banner="CFTOKEN" \\|\\| body="ColdFusion.Ajax" \\|\\| body="<cfscript>" \\|\\| server="ColdFusion" \\|\\| title="ColdFusion" \\|\\| (body="crossdomain.xml" && body="CFIDE") \\|\\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=Ym9keT0iL2NmYWpheC8iIHx8IGhlYWRlcj0iQ0ZUT0tFTiIgfHwgYmFubmVyPSJDRlRPS0VOIiB8fCBib2R5PSJDb2xkRnVzaW9uLkFqYXgiIHx8IGJvZHk9IjxjZnNjcmlwdD4iIHx8IHNlcnZlcj0iQ29sZEZ1c2lvbiIgfHwgdGl0bGU9IkNvbGRGdXNpb24iIHx8IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) \|
Create Adobe_ColdFusion_WDDX_C3P0_remote code_execution_vulnerability.md 2023-09-05 14:32:47 +08:00			`\| Number of assets affected \| 567468 \|`
			`\| Description \| Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. \|`
			`\| Impact \| The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. \|`