CVE-2018-15961

CVE Database · CVE-2018-15961

CVE-2018-15961

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

99.95%

Published

Sep 25, 2018

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (8)

All weaponized →

Exploit-DBAdobe ColdFusion 2018 - Arbitrary File Upload NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCvah13/CVE-2018-15961★9 GitHub PoCxbufu/CVE-2018-15961★3 GitHub PoCorangmuda/CVE-2018-15961★2 GitHub PoCcved-sources/cve-2018-15961★1 GitHub PoCbu1xuan2/CVE-2018-15961★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (23)

adobe · coldfusionvulnerable

· coldfusion

References (9)

http://www.securityfocus.com/bid/105314

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1041621

Broken LinkThird Party AdvisoryVDB Entry

https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html

Vendor Advisory

https://www.exploit-db.com/exploits/45979/

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/105314

Broken LinkThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs