CVE-2014-2868 Information

Description

PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable.

Reference

http://www.kb.cert.org/vuls/id/437385