Adobe ColdFusion is prone to an arbitrary file-upload vulnerability.
An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.
The following versions are affected:
ColdFusion version 2018 Update 2 and prior.
ColdFusion version 2016 Update 9 and prior.
ColdFusion version 11 Update 17 and prior.