Description
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
Affected products
- allaire / coldfusion_server4.0 – 4.0