CVE-2013-0629

HIGH KEV

Adobe ColdFusion <10 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2013-0629 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 7, 2022. EIP tracks 1 public exploit.

AI-analyzed exploit summary This Metasploit module exploits multiple vulnerabilities in Adobe ColdFusion APSB13-03, including directory traversal (CVE-2013-0629) and authentication bypass (CVE-2013-0632), to achieve remote command execution. It leverages scheduled tasks to drop and execute payloads on the target system.

Description

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.

Exploits (1)

exploitdb WORKING POC

rubyremotemultiple

https://www.exploit-db.com/exploits/24946

View Code ZIP pw:eip

This Metasploit module exploits multiple vulnerabilities in Adobe ColdFusion APSB13-03, including directory traversal (CVE-2013-0629) and authentication bypass (CVE-2013-0632), to achieve remote command execution. It leverages scheduled tasks to drop and execute payloads on the target system.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Adobe ColdFusion (versions affected by APSB13-03)

No auth needed

Prerequisites: Network access to the ColdFusion administrator interface · Vulnerable ColdFusion version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-0629

Not Applicable x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb13-03.html

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/57165

Vendor Advisory x_refsource_confirm

http://www.adobe.com/support/security/advisories/apsa13-01.html

Scores

CVSS v3 7.5

EPSS 0.8181

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact partial

Details

CISA KEV 2022-03-07

VulnCheck KEV 2013-01-09

InTheWild.io 2013-01-18

ENISA EUVD EUVD-2013-0640

Status published

Products (4)

adobe/coldfusion 9.0

adobe/coldfusion 9.0.1

adobe/coldfusion 9.0.2

adobe/coldfusion 10.0

Published Jan 09, 2013

KEV Added Mar 07, 2022

Tracked Since Feb 18, 2026