RE: [contentbox-version] Serious Exploit found in ContentBox / ColdFusion last few weeks

Do you by chance have the forgebox module installed?

If you can get a date/time created on those files, you may be able to match it against web server logs to see what kinds of requests came in around then.

I wonder what the chance is that someone else on the shared host is the attach vector, and the hackers were simply able to access the entire file system.



ColdBox Platform Evangelist
Ortus Solutions, Corp

ColdBox Platform:

Hostek claim it is completely sandboxed, but that might be for ColdFusion and other technologies might not be.

It’s a standard ContentBox install, so the only ForgeBox is what ContentBox uses to connect too.