ColdFusion admin console is vulnerable to multiple directory traversal attacks related to locale parameter, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows.
CVE Link
Product Name