Invicti identified a possible source code disclosure (ColdFusion).
An attacker can obtain server-side source code of the web application, which can contain sensitive data - such as database connection strings, usernames and passwords - along with the technical and business logic of the application.
Depending on the source code disclosed, database connection strings, usernames and passwords, as well as the internal workings and business logic of the application, might be revealed. With such information, an attacker can mount the following types of attacks:
This depends on the information obtained from the source code. Uncovering these forms of vulnerabilities does not require a high level of skill. However, a highly skilled attacker could leverage this form of vulnerability to obtain account information from databases or administrative panels, ultimately leading to control of the application or even the host the application resides on.
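A defender-side check for the disclosure described above, as an added example that is not Invicti's own code: it scans an HTTP response body for CFML that the server should have executed rather than returned, and reports which credential-bearing attributes were exposed without echoing their values. The function name and both sample bodies are assumptions constructed for illustration.

```python
import re

# Opening CFML tags (<cfquery ...>, <cfset ...>); a working ColdFusion server
# executes these and never sends them to the client.
CFML_TAG = re.compile(r"<(cf[a-z_]+)\b([^>]*)>", re.IGNORECASE)
# CFML comments use three dashes (<!--- --->); HTML comments use two.
CFML_COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)
# Attributes whose values should be rotated if they reached a client.
SENSITIVE_ATTR = re.compile(
    r"\b(datasource|username|password)\s*=\s*([\"'])(.*?)\2", re.IGNORECASE)


def find_cfml_disclosure(body: str) -> dict:
    """Report unrendered CFML in a response body; attribute values are never returned."""
    tags, exposed = set(), set()
    for match in CFML_TAG.finditer(body):
        tags.add(match.group(1).lower())
        # Only look for credentials inside the CFML tag itself, not in page HTML.
        for attr in SENSITIVE_ATTR.finditer(match.group(2)):
            if attr.group(3):  # ignore empty values
                exposed.add(attr.group(1).lower())
    comments = len(CFML_COMMENT.findall(body))
    return {
        "disclosed": bool(tags or comments),
        "tags": sorted(tags),
        "cfml_comments": comments,
        "exposed_attributes": sorted(exposed),
    }


# Constructed sample bodies (not captured from any real application).
RENDERED = "<html><body><h1>Orders</h1><!-- nav --><p>3 results</p></body></html>"
LEAKED = '''<!--- order lookup --->
<cfquery name="q" datasource="shopdb" username="app" password="EXAMPLE-ONLY">
  SELECT id FROM orders
</cfquery>
<cfoutput>#q.recordCount# results</cfoutput>'''

if __name__ == "__main__":
    for label, body in (("rendered", RENDERED), ("leaked", LEAKED)):
        print(label, find_cfml_disclosure(body))
```

A page that intentionally shows CFML as HTML-escaped text (for example, documentation) is not flagged, because only raw, unrendered tags are matched.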