Description
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
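A defender-side check for the condition described above, added here as an example (it is not part of the original advisory or of dotCMS): it tests whether a version string predates 5.2.4 and lists JSP files sitting under the assets directory, marking those inside tmp_upload. The function names are hypothetical, and the code assumes dotted numeric version strings and Tomcat's default `*.jsp` / `*.jspx` servlet mapping.

```python
import os
import re

FIXED_VERSION = (5, 2, 4)  # from the advisory: "dotCMS before 5.2.4"
ASSETS_REL = os.path.join("webapps", "ROOT", "assets")
# Assumption: Tomcat's default JspServlet mapping (*.jsp, *.jspx) is in effect.
JSP_SUFFIXES = (".jsp", ".jspx")


def is_affected(version):
    """True if a dotted numeric dotCMS version string is older than 5.2.4."""
    version = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def find_jsp_in_assets(tomcat_home):
    """Return sorted (relative_path, in_tmp_upload) for JSP files under assets."""
    assets = os.path.join(tomcat_home, ASSETS_REL)
    hits = []
    # followlinks=False: stay inside the assets tree, do not follow symlinks out.
    for root, _dirs, files in os.walk(assets, followlinks=False):
        for name in files:
            # Case-insensitive match is deliberately broad for review purposes.
            if name.lower().endswith(JSP_SUFFIXES):
                rel = os.path.relpath(os.path.join(root, name), assets)
                in_tmp = rel.split(os.sep)[0] == "tmp_upload"
                hits.append((rel.replace(os.sep, "/"), in_tmp))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    home = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("TOMCAT_HOME", ".")
    for rel, in_tmp in find_jsp_in_assets(home):
        where = "tmp_upload" if in_tmp else "assets"
        print(f"[{where}] {rel}")
```

Any hit is worth reviewing, since the assets directory is meant to hold content files and not server-side pages.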
Remediation
References