CVE-2018-15961

CRITICAL KEV NUCLEI LAB

Adobe ColdFusion July 12 release (2018.0.0.310739) Update 6 and earlier Update 14 and earlier - Unrestricted File Upload

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2018-15961 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 7 public exploits from researchers including Vahagn Vardanyan, vah13, xbufu, including a Metasploit module exploits/multi/http/coldfusion_ckeditor_file_upload. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an unrestricted file upload vulnerability in Adobe ColdFusion 2018 (CVE-2018-15961). It allows an attacker to upload a malicious file by sending a crafted multipart/form-data POST request to the vulnerable endpoint, bypassing file type restrictions.

Description

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

Exploits (7)

exploitdb WORKING POC
by Vahagn Vardanyan · textwebappsmultiple
https://www.exploit-db.com/exploits/45979

This exploit demonstrates an unrestricted file upload vulnerability in Adobe ColdFusion 2018 (CVE-2018-15961). It allows an attacker to upload a malicious file by sending a crafted multipart/form-data POST request to the vulnerable endpoint, bypassing file type restrictions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Adobe ColdFusion 2018
No auth needed
Prerequisites: Network access to the ColdFusion server · Vulnerable endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 9 stars
by vah13 · remote
https://github.com/vah13/CVE-2018-15961

This PoC demonstrates an unrestricted file upload vulnerability in Adobe ColdFusion, allowing arbitrary file upload via a multipart/form-data POST request to a specific endpoint. The uploaded file can then be accessed, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Adobe ColdFusion (versions affected per APSB18-33)
No auth needed
Prerequisites: Network access to the ColdFusion server · Vulnerable endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by xbufu · remote
https://github.com/xbufu/CVE-2018-15961

This repository contains a Python-based exploit for CVE-2018-15961, which targets Adobe ColdFusion 2018. The exploit uploads a JSP reverse shell via a vulnerable endpoint and triggers it to establish a connection to an attacker-controlled host.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe ColdFusion 2018
No auth needed
Prerequisites: Network access to the target ColdFusion server · Listener set up on the specified LHOST and LPORT
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by orangmuda · remote
https://github.com/orangmuda/CVE-2018-15961

This exploit targets CVE-2018-15961, an RCE vulnerability in Adobe ColdFusion. It uploads a JSP reverse shell via a malicious POST request to a vulnerable endpoint and triggers it via a GET request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Adobe ColdFusion 2021
No auth needed
Prerequisites: Network access to the target ColdFusion server · Listener set up on the specified LHOST and LPORT
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec STUB 1 stars
by cved-sources · poc
https://github.com/cved-sources/cve-2018-15961

This repository is a stub for Cved, a tool to manage vulnerable Docker containers, and does not contain actual exploit code. It references an image source for CVE-2018-15961 but provides no functional PoC.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Adobe ColdFusion 2018.0.0
No auth needed
Prerequisites: Docker environment to pull the referenced vulnerable image
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by bu1xuan2 · remote
https://github.com/bu1xuan2/CVE-2018-15961

This exploit leverages an unrestricted file upload vulnerability in Adobe ColdFusion 2018 (CVE-2018-15961) to upload a malicious JSP file containing a reverse shell payload. The payload establishes a connection to an attacker-controlled listener, enabling remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Adobe ColdFusion 2018
No auth needed
Prerequisites: Target server running Adobe ColdFusion 2018 · Network access to the target server · Attacker-controlled listener for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Pete Freitag de Foundeo, Vahagn vah_13 Vardanian, Qazeer · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/coldfusion_ckeditor_file_upload.rb

This Metasploit module exploits an unrestricted file upload vulnerability in Adobe ColdFusion's CKEditor (CVE-2018-15961). It uploads a malicious JSP payload via a multipart form request and triggers execution by accessing the uploaded file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Adobe ColdFusion 11 (Update 14 and earlier), ColdFusion 2016 (Update 6 and earlier), ColdFusion 2018 (July 12 release)
No auth needed
Prerequisites: Network access to the ColdFusion server · CKEditor filemanager plugin accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution
CRITICALby SkyLark-Lab,ImNightmaree
Shodan: http.component:"Adobe ColdFusion" || http.component:"adobe coldfusion" || http.title:"coldfusion administrator login" || cpe:"cpe:2.3:a:adobe:coldfusion"
FOFA: title="coldfusion administrator login" || app="adobe-coldfusion"

References (5)

Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105314
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041621
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45979/

Scores

CVSS v3 9.8
EPSS 0.9439
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull eaps-docker-coldfusion.bintray.io/cf/coldfusion:2018.0.0
+3 more repos

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2018-7817
CWE
CWE-434
Status published
Products (3)
adobe/coldfusion 11.0 (15 CPE variants)
adobe/coldfusion 2016 (7 CPE variants)
adobe/coldfusion 2018
Published Sep 25, 2018
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026