2 matches found
dotCMS CMSFilter Authentication Bypass (CVE-2020-6754)
An access control weakness exists in the dotCMS content management system. The vulnerability is due to insufficient path validation in the CMSFilter class...
CVE-2020-6754
CVE-2020-6754 affects dotCMS prior to 5.2.4. The vulnerability is a directory traversal due to insufficient path validation in the CMSFilter, allowing an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets and to upload temporary files (e.g., .jsp) into /webapps/ROOT/assets/t...