Vulnerability | Adobe ColdFusion WDDX C3P0 remote code execution vulnerability |
---|---|
Chinese name | Adobe ColdFusion WDDX C3P0 远程代码执行漏洞 |
CVSS score | 9.8 |
FOFA Query | body="/cfajax/" || header="CFTOKEN" || banner="CFTOKEN" || body="ColdFusion.Ajax" || body="" || server="ColdFusion" || title="ColdFusion" || (body="crossdomain.xml" && body="CFIDE") || (body="#000808" && body="#e7e7e7") |
Number of assets affected | 567468 |
Description | Adobe ColdFusion is a commercial application server developed by Adobe for web applications. An attacker can send untrusted serialized data to the ColdFusion server and trigger deserialization, thereby executing arbitrary code. |
Impact | An attacker can use this vulnerability to execute code on the server, obtain server permissions, and then control the entire web server. |