The /CFIDE/adminapi/customtags/l10n.cfm page in Adobe ColdFusion is prone to a Local File Inclusion vulnerability because it does not properly validate its attributes.file parameter. This can be abused by a remote unauthenticated attacker to execute arbitrary code on vulnerable servers. The agent may have SYSTEM privileges if ColdFusion is installed as a service on Windows.
CVE Link
Product Name