admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-05-29 01:30:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
GobyVuls/CVE-2023-38203.md
Goby 9636942ed5
Create CVE-2023-38203.md 
add CVE-2023-38203
2023-07-24 18:39:19 +08:00

13 lines
1.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)
| **Vulnerability** | **Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)** |
| :----: | :-----|
| **Chinese name** | Adobe ColdFusion 远程代码执行漏洞CVE-2023-38203 |
| **CVSS core** | 9.8 |
| **FOFA Query** (click to view the results directly)| [(body="crossdomain.xml" && body="CFIDE") \|\| (body="#000808" && body="#e7e7e7")](https://en.fofa.info/result?qbase64=IChib2R5PSJjcm9zc2RvbWFpbi54bWwiICYmIGJvZHk9IkNGSURFIikgfHwgKGJvZHk9IiMwMDA4MDgiICYmIGJvZHk9IiNlN2U3ZTciKQ%3D%3D) |
| **Number of assets affected** | 3740 |
| **Description** | Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code. |
| **Impact** | The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server. |
![](https://s3.bmp.ovh/imgs/2023/07/24/514d4dd7f7e3b52c.gif)
Reference in New Issue View Git Blame Copy Permalink