## https://sploitus.com/exploit?id=A5DBF75A-0E06-5288-B222-9B0D89D03F46
# CVE-2024-20767 Exploit for Adobe ColdFusion ๐ ๏ธ
This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).
## Description ๐
The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.
## Affected Products ๐
- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions
## Exploit Usage ๐ป
This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.
### Prerequisites
- Python 3.x
### Steps
1. Clone this repository.
2. Install the required Python libraries: `pip install -r requirements.txt`
3. Run the exploit script with necessary arguments:
```bash
python3 exploit.py -u <TARGET_URL> -o <OUTPUT_FILE>
```
- `-u, --url`: Target Adobe ColdFusion Server URL
- `-o, --output`: File to write vulnerable instances
### Example
```bash
python3 exploit.py -u https://example.com -o vulnerable.txt
```
## Mitigation ๐ก๏ธ
Adobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:
- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13
Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.
## Disclaimer
This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.
## References
- Adobe Security Bulletin [APSB24-14](https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html)
- CVE-2024-20767 details on [CVE Mitre](https://vulners.com/cve/CVE-2024-20767)
Stay safe and secure! ๐