CVE-2022-26352
dotCMS Unrestricted Upload of File Vulnerability
CVSS
—
Sin CVSS
EPSS
91.5%
p100
KEV
SÍ
25 ago 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
dotCMS / dotCMS
Vulnerabilidad
dotCMS Unrestricted Upload of File Vulnerability
Añadido a KEV
25 ago 2022
Remediar antes de
15 sept 2022
Uso conocido en ransomware
Sí
Descripción resumida
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
Acción requerida
Apply updates per vendor instructions.
Notas
https://www.dotcms.com/security/SI-62; https://nvd.nist.gov/vuln/detail/CVE-2022-26352
Sin CVEs relacionados por CWE o producto.