CVE-2022-26352
dotCMS Unrestricted Upload of File Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Se ha detectado un problema en la API ContentResource de dotCMS versiones 3.0 hasta 22.02. Los atacantes pueden diseñar una petición de formulario multiparte para publicar un archivo cuyo nombre de archivo no está inicialmente saneado. Esto permite un salto de directorio, en el que el archivo es guardado fuera de la ubicación de almacenamiento prevista. Si la creación de contenido anónimo está habilitada, esto permite a un atacante no autenticado subir un archivo ejecutable, como un archivo .jsp, que puede conllevar a una ejecución de código remota
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-03-02 CVE Reserved
- 2022-05-03 First Exploit
- 2022-06-02 CVE Published
- 2022-08-25 Exploited in Wild
- 2022-09-15 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-08-26 EPSS Updated
CWE
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://groups.google.com/g/dotcms | Third Party Advisory | |
https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dotcms Search vendor "Dotcms" | Dotcms Search vendor "Dotcms" for product "Dotcms" | >= 3.0 <= 22.02 Search vendor "Dotcms" for product "Dotcms" and version " >= 3.0 <= 22.02" | - |
Affected
|