Description
DotCMS allows an unauthenticated user to upload arbitrary files. An attacker can exploit this flaw to achieve remote code execution.
Remediation
Upgrade to the latest version of DotCMS.