CVE-2024-20767 PoC — ColdFusion | Improper Access Control (CWE-284)

Source
Associated Vulnerability
Title: ColdFusion | Improper Access Control (CWE-284) (CVE-2024-20767)
Description: ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
Description
Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability
Readme
# CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️

This repository contains an exploit for Adobe ColdFusion targeting CVE-2024-20767, disclosed on March 12, 2024 in Adobe security bulletin APSB24-14. The issue is an Improper Access Control weakness (CWE-284) that allows arbitrary read access to the server's file system.

## Description 📝

Adobe rates the vulnerability Critical, with a CVSS base score of 8.2. It affects Adobe ColdFusion 2023 (Update 6 and earlier) and ColdFusion 2021 (Update 12 and earlier) on all platforms. Per the bulletin, exploitation requires no user interaction, but it does require the ColdFusion administrator panel to be reachable from the attacker's position (the bulletin says "exposed to the internet"); installations whose admin interface is not reachable are not exploitable over this path.

## Affected Products 📉

- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions

## Exploit Usage 💻

This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.

### Prerequisites

- Python 3.x

### Steps

1. Clone this repository.
2. Install the required Python libraries: `pip install -r requirements.txt`
3. Run the exploit script with necessary arguments:

```bash
python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>
```

- `-u, --url`: Target Adobe ColdFusion server URL
- `-o, --output`: File in which to record instances found vulnerable

### Example

```bash
python3 exploit.py -u https://example.com -o vulnerable.txt
```

## Mitigation 🛡️

Adobe has released security updates that address this vulnerability. Update affected ColdFusion installations to at least the following update levels (later updates are cumulative and include the fix):

- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13

Refer to Adobe's official security bulletin APSB24-14 for details and download links. Because the bulletin states that exploitation requires the admin panel to be exposed to the internet, restricting network access to the ColdFusion administrator interface reduces exposure until the update is applied, but it is a compensating control, not a substitute for patching.
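The affected and patched update levels above are enough to triage a fleet. The script below is an added example, not code from the exploit repository or from Adobe: it classifies hosts as vulnerable, patched or unknown from their reported version. It assumes ColdFusion reports its version as a comma-separated "year,minor,update,build" string (an assumption here) and also accepts the "YYYY Update N" wording used in the bulletin; hostnames and build numbers in the sample inventory are constructed. Releases the bulletin does not list (for example out-of-support ColdFusion 2018) are reported as unknown rather than safe.

```python
"""Triage helper for CVE-2024-20767 / APSB24-14.

Added example (not part of the exploit repository): classifies ColdFusion
installations as vulnerable, patched or unknown from their reported version,
using only the update levels published in Adobe's bulletin.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# First update level that carries the fix, per supported major release,
# taken from the affected/patched lists in APSB24-14.
PATCHED_UPDATE: Dict[int, int] = {2023: 7, 2021: 13}


class CfVersion(NamedTuple):
    major: int   # release year, e.g. 2023
    update: int  # cumulative update number


# Comma-separated form "YYYY,minor,update,build" (assumed layout of the
# version string ColdFusion reports about itself) and the prose form
# "YYYY Update N" used in the bulletin.
_COMMA_FORM = re.compile(r"^(\d{4}),(\d+),(\d+)(?:,(\d+))?$")
_PROSE_FORM = re.compile(r"^(\d{4})\s*(?:update|u)\s*(\d+)$", re.IGNORECASE)


def parse_version(text: str) -> Optional[CfVersion]:
    """Return (major, update) for either accepted form, or None."""
    s = text.strip()
    m = _COMMA_FORM.match(s)
    if m:
        return CfVersion(int(m.group(1)), int(m.group(3)))
    m = _PROSE_FORM.match(s)
    if m:
        return CfVersion(int(m.group(1)), int(m.group(2)))
    return None


def status(text: str) -> str:
    """Classify a version string as 'vulnerable', 'patched' or 'unknown'.

    'unknown' covers unparseable input and releases the bulletin does not
    list (e.g. out-of-support ColdFusion 2018): absence from the bulletin is
    not evidence of safety, so such hosts are flagged for manual review
    rather than silently treated as patched.
    """
    v = parse_version(text)
    if v is None or v.major not in PATCHED_UPDATE:
        return "unknown"
    return "patched" if v.update >= PATCHED_UPDATE[v.major] else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status; host lists are sorted for stable reports."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        groups[status(version)].append(host)
    return {k: sorted(v) for k, v in groups.items()}


# Constructed sample inventory: hypothetical hostnames and build numbers.
SAMPLE_INVENTORY: Dict[str, str] = {
    "cf-prod-01.example.test": "2023,0,06,330617",  # 2023 Update 6: affected
    "cf-prod-02.example.test": "2023,0,07,330627",  # 2023 Update 7: fixed
    "cf-legacy.example.test": "2021 Update 12",     # 2021 Update 12: affected
    "cf-dr.example.test": "2021,0,13,330211",       # 2021 Update 13: fixed
    "cf-old.example.test": "2018,0,15,314545",      # release not in bulletin
    "cf-broken.example.test": "n/a",                # unparseable
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        for h in hosts:
            print(f"{state:10} {h}")
```

The comparison is on the integer update number, so "06" and "7" order correctly; anything the regexes do not recognise lands in the unknown bucket, which is the bucket to review by hand rather than to ignore.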

## Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. Running it against systems you do not own or are not authorized to test is illegal and unethical.

## References

- Adobe Security Bulletin [APSB24-14](https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html)
- CVE-2024-20767 details on [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767)

Stay safe and secure! 🔐
File Snapshot

[4.0K] /data/pocs/236696df35b89623ded0663aef2d355599335400
├── [4.4K] exploit.py
├── [2.0K] README.md
└── [  68] requirements.txt

0 directories, 3 files