{"uuid": "999140f2-0fee-4f32-80d0-947abc0a5b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26359", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/169", "content": "Analysis of CVE-2023-26359 in Adobe ColdFusion \n\n\ud83d\udc64 by Rapid7\n\nAdobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.\n\n\ud83d\udcdd Contents:\n\u25cf Overview\n\u25cf Root Cause Analysis\n\u25cf Triggering the Vulnerability\n\u25cf PoC \u2013 Arbitrary Code Execution\n\u25cf PoC \u2013 Arbitrary File Read\n\u25cf PoC \u2013 Remote Code Execution\n\u25cf Indicators of Compromise\n\u25cf Guidance\n\nhttps://attackerkb.com/topics/1iRdvtUgtW/cve-2023-26359/rapid7-analysis", "creation_timestamp": "2023-04-04T06:27:25.000000Z"}