Description
The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to upload files to the server via openfile.cfm, which does not restrict access to the server properly.
Affected products
- allaire / coldfusion_server 2.0 – 2.0
- allaire / coldfusion_server 3.0 – 3.0
- allaire / coldfusion_server 3.01 – 3.01
- allaire / coldfusion_server 3.11 – 3.11
- allaire / coldfusion_server 3.12 – 3.12
- allaire / coldfusion_server 4.0 – 4.0