Lucene search
K

4 matches found

Prion
Prion
added 2018/07/24 3:29 p.m.12 views

Path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

9.3CVSS7.5AI score0.06546EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/07/24 3:0 p.m.58 views

CVE-2017-3188

The CVE-2017-3188 entry concerns dotCMS administration panel versions 3.7.1 and earlier, where the Push Publishing feature (Enterprise Pro) is vulnerable to path traversal. When tar.gz bundles are decompressed, filenames aren’t properly validated, allowing writing files to arbitrary directories o...

6.5CVSS7.5AI score0.02788EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/07/24 3:0 p.m.16 views

CVE-2017-3188 The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

7.7AI score0.02788EPSS
Exploits0References2
CERT
CERT
added 2017/03/06 12:0 a.m.31 views

dotCMS contains multiple vulnerabilities

Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...

9.3CVSS8.4AI score0.06546EPSS
Exploits0References4
Rows per page
Query Builder