Description
DotCMS allows an unauthenticated user to upload arbitrary files. An attacker can exploit it to achieve remote code execution.
Remediation
Upgrade to the latest version of DotCMS
References
Related Vulnerabilities
WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13)
WordPress Plugin Simple Dropbox Upload Arbitrary File Upload (1.8.8)
WordPress Plugin Audio Record Arbitrary File Upload (1.0)
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)
WordPress Plugin WP-Live Chat by 3CX Arbitrary File Upload (8.0.31)