Main Vulnerability Database Vulnerabilities #VU17889

Dangerous file upload in ColdFusion - CVE-2019-7816

Published: March 1, 2019

Vulnerability identifier: #VU17889

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2019-7816

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Adobe

Affected software:
ColdFusion

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when processing file uploads. A remote attacker can upload and execute arbitrary code on the target system with privileges of the ColdFusion service. Successful exploitation of the vulnerability requires that the attacker has the ability to upload files.

Note, this vulnerability is being actively exploited in the wild.

How to mitigate CVE-2019-7816

Install updates from vendor's website.

Sources

https://helpx.adobe.com/security/products/coldfusion/apsb19-14.html

Dangerous file upload in ColdFusion - CVE-2019-7816

Detailed vulnerability description

How to mitigate CVE-2019-7816

Sources

Please verify you're human