Back to CVE Lookup
CVE-2018-15961
CRITICAL - CVSS 9.8CWE-434
Published: 9/25/2018
Modified: 10/23/2025
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Vulnerability Summary
CVSS v3 Score
9.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2 Score
10
AV:N/AC:L/Au:N/C:C/I:C/A:C