cve/2024/CVE-2024-20767.md

### [CVE-2024-20767](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767)
![](https://img.shields.io/static/v1?label=Product&message=ColdFusion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20(CWE-284)&color=brighgreen)

### Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0day404/HV-2024-POC
- https://github.com/12442RF/POC
- https://github.com/AboSteam/POPC
- https://github.com/Chocapikk/CVE-2024-20767
- https://github.com/DMW11525708/wiki
- https://github.com/Hatcat123/my_stars
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Linxloop/fork_POC
- https://github.com/NaInSec/CVE-LIST
- https://github.com/Ostorlab/KEV
- https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
- https://github.com/WhosGa/MyWiki
- https://github.com/XRSec/AWVS-Update
- https://github.com/Yuan08o/pocs
- https://github.com/admin772/POC
- https://github.com/adminlove520/pocWiki
- https://github.com/adysec/POC
- https://github.com/alm6no5/CVE-2024-20767
- https://github.com/cisp-pte/POC-20241008-sec-fork
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/huyqa/cve-2024-20767
- https://github.com/ibaiw/2024Hvv
- https://github.com/iemotion/POC
- https://github.com/laoa1573/wy876
- https://github.com/m-cetin/CVE-2024-20767
- https://github.com/netlas-io/netlas-dorks
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oLy0/Vulnerability
- https://github.com/packetinside/CISA_BOT
- https://github.com/qiuluo-oss/Tiger
- https://github.com/tanjiti/sec_profile
- https://github.com/trganda/starrlist
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
- https://github.com/yoryio/CVE-2024-20767
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-20767](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767)`
			`![](https://img.shields.io/static/v1?label=Product&message=ColdFusion&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20(CWE-284)&color=brighgreen)`

			`### Description`

Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/0day404/HV-2024-POC`
			`- https://github.com/12442RF/POC`
			`- https://github.com/AboSteam/POPC`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Chocapikk/CVE-2024-20767`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/DMW11525708/wiki`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/Hatcat123/my_stars`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/Lern0n/Lernon-POC`
			`- https://github.com/Linxloop/fork_POC`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/NaInSec/CVE-LIST`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/WhosGa/MyWiki`
Update Sat May 25 23:14:52 UTC 2024 2024-05-25 23:14:53 +00:00			`- https://github.com/XRSec/AWVS-Update`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/Yuan08o/pocs`
			`- https://github.com/admin772/POC`
			`- https://github.com/adminlove520/pocWiki`
			`- https://github.com/adysec/POC`
			`- https://github.com/alm6no5/CVE-2024-20767`
			`- https://github.com/cisp-pte/POC-20241008-sec-fork`
			`- https://github.com/eeeeeeeeee-code/POC`
			`- https://github.com/greenberglinken/2023hvv_1`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/huyqa/cve-2024-20767`
Update CVE sources 2024-08-07 19:02 2024-08-07 19:02:05 +00:00			`- https://github.com/ibaiw/2024Hvv`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/iemotion/POC`
			`- https://github.com/laoa1573/wy876`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/m-cetin/CVE-2024-20767`
Update CVE sources 2024-06-08 09:32 2024-06-08 09:32:58 +00:00			`- https://github.com/netlas-io/netlas-dorks`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/nomi-sec/PoC-in-GitHub`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/oLy0/Vulnerability`
			`- https://github.com/packetinside/CISA_BOT`
Update CVE sources 2024-08-24 17:55 2024-08-24 17:55:21 +00:00			`- https://github.com/qiuluo-oss/Tiger`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/tanjiti/sec_profile`
			`- https://github.com/trganda/starrlist`
			`- https://github.com/wjlin0/poc-doc`
			`- https://github.com/wy876/POC`
			`- https://github.com/wy876/wiki`
			`- https://github.com/yoryio/CVE-2024-20767`