### [CVE-2010-2861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2861)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

### POC

#### Reference
- http://securityreason.com/securityalert/8148
- http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/

#### Github
- https://github.com/0ps/pocassistdb
- https://github.com/0xS3rgI0/Full-Cheatsheets
- https://github.com/0xs3rgi0/Full-Cheatsheets
- https://github.com/20142995/Goby
- https://github.com/422926799/haq5201314
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Advisory-Newsletter/Cring-Ransomware
- https://github.com/CertifiedCEH/DB
- https://github.com/CyberlearnbyVK/Cheatsheet-God
- https://github.com/CyberlearnbyVK/redteam-notebook
- https://github.com/D4rkSi3er/Cyber-Sec-Resources
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/H4cking2theGate/TraversalHunter
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Odayex/BugBounty
- https://github.com/OlivierLaflamme/Cheatsheet-God
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/QWERTSKIHACK/Pentest-BookmarkS
- https://github.com/QWERTSKIHACK/Pentest-Bookmarkz
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SofianeHamlaoui/Pentest-Bookmarkz
- https://github.com/Striving-to-learn/Cybersecurity-Resources
- https://github.com/Striving-to-learn/test
- https://github.com/TesterCC/exp_poc_library
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Z0fhack/Goby_POC
- https://github.com/Z3ro110/Full-Cheatsheets
- https://github.com/amcai/myscan
- https://github.com/badrshs/pentest-bookmark-collection
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bomergang/hackaas
- https://github.com/cyberharsh/coldfusion2861
- https://github.com/decal/CFMXDC
- https://github.com/djrod/CheatSheet_sec
- https://github.com/eric-erki/Cheatsheet-God
- https://github.com/foobarto/redteam-notebook
- https://github.com/gswest/HackerNote
- https://github.com/h4ck3root/HackerNote
- https://github.com/hcasaes/Cheatsheet-God
- https://github.com/hvardhanx/pentest-bookmarks
- https://github.com/jiushill/haq5201314
- https://github.com/jweny/pocassistdb
- https://github.com/k0mi-tg/Full-Cheatsheets
- https://github.com/mishmashclone/OlivierLaflamme-Cheatsheet-God
- https://github.com/mjutsu/Full-Cheatsheets
- https://github.com/samidunimsara/resources-to-learn-hacking
- https://github.com/sphinxs329/OSCP-Cheatsheet
- https://github.com/stefanpejcic/coldfusion
- https://github.com/t0m4too/t0m4to
- https://github.com/umamahesh5689/hk-gitfiles
- https://github.com/winterwolf32/Cheatsheet-God
- https://github.com/zhibx/fscan-Intranet