Unauthenticated Remote Code Execution in Adobe ColdFusion 9.0, 9.0.1, and 9.0.2

Unauthenticated Remote Code Execution in Adobe ColdFusion 9.0, 9.0.1, and 9.0.2

CVE-2013-0625 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.

Learn more about our Web Application Penetration Testing UK.