Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox Escaping Vulnerability

info
discussion
exploit
solution
references

Macromedia ColdFusion MX CFInclude And CFModule Tag Sandbox Escaping Vulnerability

A vulnerability in the use of the cfinclude and cfmodule Tags exists in ColdFusion MX. In environments that are sandboxed, it may be possible for a script to access files outside of the sandboxed directory. This could lead to unauthorized access to files on the host.