Critical severity9.8CISA KEVNVD Advisory· Published Aug 11, 2010· Updated Jun 16, 2026
CVE-2010-2861
CVE-2010-2861
Description
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:*range: <=9.0.1
- (no CPE)range: <=9.0.1
Patches
Vulnerability mechanics
References
6- www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/nvdExploit
- www.adobe.com/support/security/bulletins/apsb10-18.htmlnvdNot ApplicableVendor Advisory
- securityreason.com/securityalert/8137nvdBroken Link
- securityreason.com/securityalert/8148nvdBroken Link
- www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-07nvdBroken Link
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.