CVE-2019-7839

CRITICAL

ColdFusion <Update 3 - Command Injection

Title source: llm

Description

ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

Exploits (1)

nomisec WORKING POC 7 stars
by securifera · poc
https://github.com/securifera/CVE-2019-7839

References (3)

Scores

CVSS v3 9.8
EPSS 0.4595
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (3)
adobe/coldfusion 11.0 (19 CPE variants)
adobe/coldfusion 2016 (11 CPE variants)
adobe/coldfusion 2018 (4 CPE variants)
Published Jun 12, 2019
Tracked Since Feb 18, 2026