Critical severity9.8CISA KEVNVD Advisory· Published Aug 11, 2010· Updated Apr 21, 2026

CVE-2010-2861

Description

Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.

Affected products

Adobe Inc./Coldfusion
cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*
Range: <=9.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/nvdExploit
www.adobe.com/support/security/bulletins/apsb10-18.htmlnvdNot ApplicableVendor Advisory
securityreason.com/securityalert/8137nvdBroken Link
securityreason.com/securityalert/8148nvdBroken Link
www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07nvdBroken Link
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.075
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060