3 matches found
Path traversal
The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...
CVE-2017-3187
The provided data shows CVE-2017-3187 affecting dotCMS admin panel versions 3.7.1 and earlier, with a CSRF vulnerability enabling actions with a victim’s permissions (and potentially arbitrary commands if an active session exists). Related entries (CVE-2017-3188) describe a compatible path-traver...
dotCMS contains multiple vulnerabilities
Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...