CVE-2018-15961

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions July 12 release (2018.0.0.310739) through Update 6 Adobe ColdFusion versions July 12 release (2018.0.0.310739) through Update 14

Description: The issue is related to an unrestricted file upload vulnerability in the ColdFusion interpreter. This vulnerability could allow a remote attacker to execute arbitrary code. Successful exploitation of this vulnerability may lead to arbitrary code execution.

Recommendations: For Adobe ColdFusion versions July 12 release (2018.0.0.310739) through Update 6, update to a version later than Update 6 to resolve the issue. For Adobe ColdFusion versions July 12 release (2018.0.0.310739) through Update 14, update to a version later than Update 14 to resolve the issue. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.