CVE-2010-2861

CVE Database · CVE-2010-2861

CVE-2010-2861

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.72%

Published

Aug 11, 2010

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (5)

All weaponized →

Exploit-DBAdobe ColdFusion - Directory Traversal Exploit-DBAdobe ColdFusion - Directory Traversal (Metasploit)NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCgreysneakthief/14641-v2★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (1)

adobe · coldfusionvulnerable

References (11)

http://securityreason.com/securityalert/8137

Broken Link

http://securityreason.com/securityalert/8148

Broken Link

http://www.adobe.com/support/security/bulletins/apsb10-18.html