Patch Available For ColdFusion MX Enterprise Edition Sandbox Security Issue

The <cfinclude> tag and the <cfmodule> tag will accept filenames with relative paths as arguments. ColdFusion MX does not check the Sandbox Security Files/Dirs permissions before including files with these tags. This could allow a template to access unauthorized data using these tags.

Find out more (and download the patch) at the URL below:

Comments are closed.