File Inclusion Vulnerability in Railo 4.2.1 and Earlier: Remote Code Execution and Information Disclosure

CVE-2014-5468 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

A file inclusion vulnerability exists in Railo 4.2.1 and earlier: a specially crafted URL request to thumbnail.cfm can specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.
