Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
Published: 2018-11-08
Researchers at Volexity have identified multiple groups exploiting CVE-2018-15961 in unpatched, web-facing Adobe ColdFusion servers. Users are urged to upgrade to the latest version of ColdFusion.
https://www.exploit-db.com/exploits/45979/
https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html