Description
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.
Remediation
References