CVE-2024-20767

This exploit targets Adobe ColdFusion 2023.6 (CVE-2024-20767) to achieve remote file read by leveraging a directory traversal vulnerability in the logging module. It retrieves a UUID via an admin API endpoint and uses it to read arbitrary files.

The repository contains a functional Python exploit for CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion. The exploit leverages improper access control to read files by chaining two endpoints: one to obtain a UUID and another to read files using directory traversal.

This repository contains a functional exploit for CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion due to improper access control. The exploit retrieves a UUID from the target server and uses it to read sensitive files (e.g., /etc/passwd or Windows/ServerStandardEval.xml) via a path traversal attack.

The repository contains a functional Python exploit for CVE-2024-20767, an Improper Access Control vulnerability in Adobe ColdFusion. The exploit retrieves a UUID from the target's server manager endpoint and uses it to read arbitrary files via a path traversal attack.

The repository contains a functional Python script that exploits CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion servers via the Performance Monitoring Toolset (PMS) endpoint. The exploit leverages a directory traversal technique to read files from the server.

The repository contains a functional Python exploit for CVE-2024-20767, targeting Adobe ColdFusion. It leverages a vulnerable endpoint to obtain a UUID and another endpoint to read arbitrary files, demonstrating an information leak vulnerability.

This Metasploit module exploits CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion. It retrieves a UUID from the servermanager.cfc endpoint and uses it to read files via the /pms endpoint with directory traversal.