CVE-2014-5468

A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially-crafted URL request to the thumbnail.cfm to specify a malicious PNG file, which could let a remote malicious user obtain breakable information or execute arbitrary code. (CVSS:6.8) (Final Update:2020-02-11)