CVE-2022-26352 - dotCMS Unrestricted Upload of File Vulnerability
Project: dotCMS
Product: dotCMS
Date Added: 2022-08-25
Due Date: 2022-09-15
Vulnerability Name
dotCMS Unrestricted Upload of File Vulnerability
Description
The dotCMS ContentResource API contains an unrestricted file upload vulnerability (upload of a file with a dangerous type) that allows directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply updates per vendor instructions.
Additional Notes
https://www.dotcms.com/security/SI-62
https://nvd.nist.gov/vuln/detail/CVE-2022-26352