The vulnerability of the administrator.cfc component in the ColdFusio software interface allows a hacker to bypass security restrictions or execute arbitrary code.

🗓️ 06 Jul 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru

The administrator.cfc vulnerability in ColdFusio enables security bypass and code execution due to poor data protection.

Reporter	Title	Published	Views	Family All 28
0day.today	Adobe ColdFusion APSB13-03 Remote Exploit	10 Apr 201300:00	–	zdt
0day.today	Adobe ColdFusion 9 Administrative Login Bypass Vulnerability	21 Aug 201300:00	–	zdt
0day.today	Adobe ColdFusion 9 Administrative Login Bypass Vulnerability	11 Dec 201300:00	–	zdt
ATTACKERKB	CVE-2013-0632	17 Jan 201300:00	–	attackerkb
Circl	CVE-2013-0632	10 Apr 201300:00	–	circl
CISA KEV Catalog	Adobe ColdFusion Authentication Bypass Vulnerability	3 Mar 202200:00	–	cisa_kev
Tenable Nessus	Adobe ColdFusion Authentication Bypass (APSB13-03)	19 Feb 201300:00	–	nessus
Tenable Nessus	Adobe ColdFusion Multiple Vulnerabilities (APSB13-03) (credentialed check)	21 May 201300:00	–	nessus
Check Point Advisories	Adobe ColdFusion Authentication Bypass (CVE-2013-0632)	19 Feb 201300:00	–	checkpoint_advisories
CVE	CVE-2013-0632	17 Jan 201300:00	–	cve

Vulners

Node

adobe_systems coldfusionMatch9.0

OR

adobe_systems coldfusionMatch9.0.1

OR

adobe_systems coldfusionMatch9.0.2

OR

adobe_systems coldfusionMatch10

Source	Link
adobe	www.adobe.com/support/security/advisories/apsa13-01.html
adobe	www.adobe.com/support/security/bulletins/apsb13-03.html
exploit-db	www.exploit-db.com/exploits/30210
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
nvd	www.nvd.nist.gov/vuln/detail/CVE-2013-0632
cisa	www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
web	www.web.nvd.nist.gov/view/vuln/detail

24 Sep 2024 00:00Current

CVSS 39.6

CVSS 210

EPSS0.92679

administrator component vulnerability coldfusion interface security bypass code execution data protection weakness