QwikSec

Security Database

CVE

CWE

Training

CVE-2014-5468

Published: Feb 7, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://packetstormsecurity.com/files/128234/Railo-4.2.1-Remote-File-Inclusion.html

x_refsource_MISC

http://www.exploit-db.com/exploits/34669

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/95959

x_refsource_MISC

https://www.securityfocus.com/bid/69761

x_refsource_MISC

https://vulmon.com/vulnerabilitydetails?qid=CVE-2014-5468

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.