Closed frkngksl closed 7 months ago
Hi @frkngksl,
At the moment we are not interested with this plugin. Feel free to suggest more advisories though.
~tooryx
Hi @tooryx thank you so much for the answer. Is there any reason why you are not interested with this? I'm asking to learn your criteria for the plugins.
Hi @frkngksl,
We simply are less interested in the product itself (Coldfusion) for now.
~tooryx
Hi there.
I would like to start implementing a plugin to detect Adobe ColdFusion Unauthenticated RCE (https://nvd.nist.gov/vuln/detail/CVE-2023-26360). This vulnerability was published in 03/23/2023.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-26360 https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
Description: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Versions: Adobe ColdFusion 2018 <= Update 15 Adobe ColdFusion 2021 <= Update 5
I will send the PR if it is valid for the scope. Thanks.