From 2f71aff036f9e0772786b16734d005452998f737 Mon Sep 17 00:00:00 2001
From: Goby <50955360+gobysec@users.noreply.github.com>
Date: Mon, 24 Jul 2023 18:38:44 +0800
Subject: [PATCH] Update GobyVuls-Document.md

---
 GobyVuls-Document.md | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/GobyVuls-Document.md b/GobyVuls-Document.md
index 76b33ea..865369a 100644
--- a/GobyVuls-Document.md
+++ b/GobyVuls-Document.md
@@ -1,7 +1,20 @@
 [# Goby History Update Vulnerability Total Document (Continuously Update) 
 The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
 
-**Updated document date: Jul 21, 2023** 
+**Updated document date: Jul 24, 2023** 
+
+## Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)
+
+|   **Vulnerability**  | **Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)**  |
+| :----:   | :-----|
+| **Chinese name**  | Adobe ColdFusion 远程代码执行漏洞（CVE-2023-38203） |
+| **CVSS core**  | 9.8 |
+| **FOFA Query**  (click to view the results directly)| [(body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
+| **Number of assets affected**  | 3740 |
+| **Description**  | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
+| **Impact** | The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |
+
+![](https://s3.bmp.ovh/imgs/2023/07/24/514d4dd7f7e3b52c.gif)
 
 ## SANGFOR-IOMS catjs.php File Read Vulnerability