https://github.com/chocapikk/cve-2024-20767

Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability

# CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️

This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024. This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284).

## Description 📝

The vulnerability has been assigned a critical severity rating, with a CVSS base score of 8.2. It affects Adobe ColdFusion versions 2023 (Update 6 and earlier) and 2021 (Update 12 and earlier), across all platforms.

## Affected Products 📉

- ColdFusion 2023: Update 6 and earlier versions
- ColdFusion 2021: Update 12 and earlier versions

## Exploit Usage 💻

This exploit allows users to read arbitrary files from the file system of a server running a vulnerable version of Adobe ColdFusion.

### Prerequisites

- Python 3.x

### Steps

1. Clone this repository.
2. Install the required Python libraries: `pip install -r requirements.txt`
3. Run the exploit script with necessary arguments:

```bash
python3 exploit.py -u <URL> -o <OUTPUT_FILE>
```

- `-u, --url`: Target Adobe ColdFusion server URL
- `-o, --output`: File to which vulnerable instances are written

### Example

```bash
python3 exploit.py -u https://example.com -o vulnerable.txt
```

## Mitigation 🛡️

Adobe has released security updates to address this vulnerability. It is highly recommended to update affected ColdFusion installations to the latest version:

- ColdFusion 2023: Update 7
- ColdFusion 2021: Update 13

Refer to Adobe's official security bulletin APSB24-14 for detailed information and update links.
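The affected-version and fixed-update lists above are the information a defender actually needs from this page, so here is an added triage helper (not part of this repository's exploit code) that turns them into a patch decision for a host inventory. It assumes version strings of the form "ColdFusion <year> Update <n>", encodes only the fixed updates stated above (2023 Update 7, 2021 Update 13), and reports any other major version as unknown rather than guessing. The host names and versions in the sample inventory are constructed.

```python
import re

# Minimum fixed update per ColdFusion major version, taken from the
# mitigation list above (Adobe bulletin APSB24-14): 2023 Update 7, 2021 Update 13.
FIXED_UPDATE = {2023: 7, 2021: 13}

# Assumed version string format, e.g. "ColdFusion 2023 Update 6".
_VERSION_RE = re.compile(r"(?i)coldfusion\s*(\d{4})\s*(?:update\s*(\d+))?")


def parse_version(text):
    """Parse 'ColdFusion 2023 Update 6' into (major, update).
    A missing update number is treated as Update 0 (unpatched base release)."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised ColdFusion version string: {text!r}")
    major = int(m.group(1))
    update = int(m.group(2)) if m.group(2) else 0
    return major, update


def assess(text):
    """Return whether the given version is affected by CVE-2024-20767.
    'affected' is None for major versions the bulletin summary above does not cover."""
    major, update = parse_version(text)
    fixed = FIXED_UPDATE.get(major)
    if fixed is None:
        # e.g. ColdFusion 2018: not listed on this page, so do not guess.
        return {"version": (major, update), "affected": None, "required_update": None}
    return {
        "version": (major, update),
        "affected": update < fixed,
        "required_update": fixed,
    }


def triage(inventory):
    """Split (host, version string) pairs into needs_patch / ok / unknown buckets."""
    needs_patch, ok, unknown = [], [], []
    for host, version in inventory:
        result = assess(version)
        if result["affected"] is None:
            unknown.append(host)
        elif result["affected"]:
            major = result["version"][0]
            action = f"install ColdFusion {major} Update {result['required_update']}"
            needs_patch.append((host, action))
        else:
            ok.append(host)
    return {"needs_patch": needs_patch, "ok": ok, "unknown": unknown}


# Constructed sample inventory (hypothetical hosts; not from the page).
SAMPLE_INVENTORY = [
    ("cf-app-01.example.internal", "ColdFusion 2023 Update 6"),
    ("cf-app-02.example.internal", "ColdFusion 2023 Update 7"),
    ("cf-legacy.example.internal", "ColdFusion 2021 Update 12"),
    ("cf-old.example.internal", "ColdFusion 2018 Update 19"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(bucket, hosts)
```

The comparison is deliberately "update number below the fixed update means affected", which matches the "Update N and earlier" wording of the affected-products list; anything outside the two listed major versions lands in the unknown bucket so it gets checked against the bulletin by hand instead of being silently marked safe.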

## Disclaimer

This exploit is provided for educational purposes only. Use it at your own risk. Unauthorized hacking is illegal and unethical.

## References

- Adobe Security Bulletin [APSB24-14](https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html)
- CVE-2024-20767 details on [CVE Mitre](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20767)

Stay safe and secure! 🔐