all InfoSec news
Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
Help Net Security www.helpnetsecurity.com
Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023, Adobe released security updates for ColdFusion versions 2023, 2021 and 2018 containing fixes for three vulnerabilities: CVE-2023-29298, a critical improper access control flaw that could allow attackers to bypass a security feature (reported by Rapid7’s Stephen … More
The post …
0 day access adobe adobe coldfusion attackers breach coldfusion control cve don't miss enable exploit exploited exploiting fixes flaws hot stuff install july persistent project discovery rapid7 remote control researchers security security update security updates servers shells system updates vulnerabilities vulnerability web