First published: Fri Dec 31 2004(Updated: )
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Macromedia ColdFusion | =6.1 | |
Macromedia ColdFusion | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.