Published on: 04 March 2019
Adobe released a security update to address a “File Upload Restriction Bypass” vulnerability in ColdFusion. A remote attacker could upload a specially crafted file to a web-accessible directory and send a malicious HTTP request to exploit the vulnerability.
Reports indicate that the vulnerability (CVE-2019-7816) is being exploited in the wild. Users are advised to take immediate action to patch the affected systems to mitigate the elevated risk of cyber attacks.
A successful exploitation could lead to arbitrary code execution on an affected system.
Upgrade Adobe ColdFusion to the following versions to address the issue.