Description
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
Remediation
References