5 matches found

NVD
added 2018/07/24 3:29 p.m., 13 views

CVE-2017-3189

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

CVSS 9.3, AI score 7.4, EPSS 0.06546
Exploits 0, References 2
OSV
added 2018/07/24 3:29 p.m., 15 views

CVE-2017-3189

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

CVSS 8.1, AI score 9.2
Exploits 0, References 2
Cvelist
added 2018/07/24 3:00 p.m., 25 views

CVE-2017-3189 The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

AI score 7.8, EPSS 0.06546
Exploits 0, References 2
CVE
added 2018/07/24 3:00 p.m., 44 views

CVE-2017-3189

dotCMS 3.7.1 and earlier, in Enterprise Pro, is vulnerable in the Push Publishing feature where uploaded Bundle tar.gz archives are decompressed without validation of file types. This leads to a path traversal issue (CVE-2017-3188) and, when combined, enables remote command execution with the per...

CVSS 9.3, AI score 7.7, EPSS 0.06546
Exploits 0, References 2, Affected Software 1
CERT
added 2017/03/06 12:00 a.m., 31 views

dotCMS contains multiple vulnerabilities

Overview: The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description: CWE-352: Cross-Site Request Forgery CSRF...

CVSS 9.3, AI score 8.4, EPSS 0.06546
Exploits 0, References 4