The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
| Software | From | Fixed in |
|---|---|---|
| allaire / coldfusion_server | 4.0 | 4.0.x |