CVE-1999-0800
Allaire Forums < 2.0.4 - Unauthenticated Arbitrary File Read via GetFile.cfm
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-0800. PoCs published by Cameron Childress.
AI-analyzed exploit summary This is a writeup describing an arbitrary file read vulnerability in Allaire Forums via the 'GetFile.cfm' endpoint. The vulnerability allows unauthenticated users to read any file on the server by manipulating the 'FilePath' parameter.
Description
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Cameron Childress · textremotemultiple
https://www.exploit-db.com/exploits/19193
This is a writeup describing an arbitrary file read vulnerability in Allaire Forums via the 'GetFile.cfm' endpoint. The vulnerability allows unauthenticated users to read any file on the server by manipulating the 'FilePath' parameter.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Allaire Forums 2.0.4 and earlier
No auth needed
Prerequisites:
access to the 'GetFile.cfm' endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Vendor Advisory mailing-list
x_refsource_ntbugtraq
http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/1748
Patch, Vendor Advisory vendor-advisory
x_refsource_allaire
http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/944
Scores
EPSS
0.0765
EPSS Percentile
93.8%
Details
Status
published
Products (1)
allaire/forums
< 2.0.4
Published
Mar 12, 2001
Tracked Since
Feb 18, 2026