An authenticated remote code execution vulnerability exists in Lucee's administrative interface due to insecure design in the scheduled task functionality. An administrator can configure a scheduled job to retrieve a remote .cfm file from an attacker-controlled server, which is written to the Lucee webroot and executed with the privileges of the Lucee service account.
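
A defender-side audit for the condition described above, as an added example that is not from the advisory or from Lucee: it flags scheduled tasks that publish a fetched response as an executable CFML template inside the webroot. The record fields mirror `cfschedule` attributes (`url`, `publish`, `path`, `file`); the record layout, webroot path, trusted-host list and sample tasks are assumptions constructed for illustration, and paths are assumed to be absolute POSIX paths.

```python
from pathlib import PurePosixPath
from posixpath import normpath
from urllib.parse import urlsplit

# Assumptions (not from the advisory): adjust to the deployment being audited.
WEBROOT = "/opt/lucee/tomcat/webapps/ROOT"
TRUSTED_HOSTS = {"reports.internal.example"}
EXECUTABLE_EXT = {".cfm", ".cfml", ".cfc"}  # extensions the CFML engine runs

def audit_task(task):
    """Return a list of findings for one scheduled-task record."""
    if not task.get("publish"):
        return []  # the response is never written to disk
    # Normalise first so "../" segments cannot hide a webroot destination.
    dest = normpath(f"{task['path']}/{task['file']}")
    in_webroot = dest.startswith(WEBROOT + "/")
    executable = PurePosixPath(dest).suffix.lower() in EXECUTABLE_EXT
    host = (urlsplit(task["url"]).hostname or "").lower()
    findings = []
    if in_webroot and executable:
        findings.append("writes executable template into webroot")
        if host not in TRUSTED_HOSTS:
            findings.append(f"content fetched from untrusted host {host!r}")
    elif in_webroot:
        findings.append("writes fetched content into webroot")
    return findings

def audit(tasks):
    """Map task name -> findings, omitting tasks with nothing to report."""
    return {t["name"]: f for t in tasks if (f := audit_task(t))}

# Constructed sample records (hypothetical task names, hosts and paths).
SAMPLE_TASKS = [
    {"name": "nightly-report", "publish": True,
     "url": "https://reports.internal.example/nightly.csv",
     "path": "/var/lucee/exports", "file": "nightly.csv"},
    {"name": "sync-template", "publish": True,
     "url": "http://files.example.net/update.cfm",
     "path": WEBROOT, "file": "update.cfm"},
    {"name": "cache-warm", "publish": False,
     "url": "https://reports.internal.example/", "path": "", "file": ""},
    {"name": "traversal-export", "publish": True,
     "url": "https://reports.internal.example/status",
     "path": "/var/lucee/exports/../../../opt/lucee/tomcat/webapps/ROOT",
     "file": "status.CFM"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_TASKS).items():
        print(name, "->", "; ".join(findings))
```

A task that lands an executable template in the webroot is reported even when its source host is trusted, since the write itself is what makes the fetched content executable.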