## https://sploitus.com/exploit?id=A5DBF75A-0E06-5288-B222-9B0D89D03F46
# CVE-2024-20767 Exploit for Adobe ColdFusion

This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).

## Description

The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.

## Affected Products

- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions

## Exploit Usage

This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.

### Prerequisites

- Python 3.x

### Steps

1. Clone this repository.
2. Install the required Python libraries: `pip install -r requirements.txt`
3. Run the exploit script with necessary arguments:

```bash
python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>
```

- `-u, --url`: Target Adobe ColdFusion Server URL
- `-o, --output`: File to which vulnerable instances are written

### Example

```bash
python3 exploit.py -u https://example.com -o vulnerable.txt
```

## Mitigation

Adobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:

- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13

Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.
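
To check an inventory against the update levels listed above, the following added example (not part of this repository) classifies ColdFusion version strings as affected or patched. It assumes version strings in the comma- or dot-separated `release,minor,update,build` form; the hostnames and build numbers in the sample are constructed.

```python
import re

# First fixed update per ColdFusion release, from the Mitigation list above.
FIXED_UPDATE = {2023: 7, 2021: 13}

# Assumed input shape: "release,minor,update,build" with "," or "." separators.
_VERSION_RE = re.compile(r"^\s*(\d{4})[.,](\d+)[.,](\d+)(?:[.,](\d+))?\s*$")


def parse_version(text):
    """Return (release, update), or None when the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(3))


def triage(version_text):
    """Classify one version string against the CVE-2024-20767 ranges."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"      # unparseable: needs a manual look
    release, update = parsed
    fixed = FIXED_UPDATE.get(release)
    if fixed is None:
        return "not-listed"   # release is not covered by this page
    return "patched" if update >= fixed else "affected"


def triage_inventory(rows):
    """rows: iterable of (host, version string). Returns {host: status}."""
    return {host: triage(version) for host, version in rows}


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE = [
    ("cf-app-01", "2023,0,06,330617"),
    ("cf-app-02", "2023,0,07,330663"),
    ("cf-app-03", "2021.0.12.330713"),
    ("cf-app-04", "2021,0,13,330286"),
    ("cf-legacy", "2018,0,19,330149"),
    ("cf-dev", "n/a"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:10} {status}")
```

Hosts reported as `unknown` or `not-listed` are not cleared by this check and need to be reviewed against the bulletin by hand.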

## Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.

## References

- Adobe Security Bulletin [APSB24-14](https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html)
- CVE-2024-20767 details on [CVE Mitre](https://vulners.com/cve/CVE-2024-20767)

Stay safe and secure!