Description

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.

Remediation

References

CVE-2019-12309

Related Vulnerabilities

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

MySQL CVE-2024-21135 Vulnerability (CVE-2024-21135)

WordPress Plugin Add Any Extension to Pages Cross-Site Scripting (1.3)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress Plugin FL3R FeelBox Multiple Vulnerabilities (8.1)

Severity

Medium

Classification

CVE-2019-12309 CWE-22 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities