Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:10 a.m.10 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

9.8CVSS7.7AI score0.91501EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2022/08/29 4:23 a.m.202 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

10CVSS1.7AI score0.99939EPSS
Exploits72
Check Point Advisories
Check Point Advisories
added 2022/08/16 12:0 a.m.35 views

dotCMS Arbitrary File Upload (CVE-2022-26352; CVE-2018-5445)

An arbitrary file upload vulnerability exists in dotCMS. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...

6.8CVSS5.2AI score0.91501EPSS
Exploits4
NVD
NVD
added 2022/07/17 10:15 p.m.22 views

CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...

9.8CVSS0.91501EPSS
Exploits4References3
CVE
CVE
added 2022/07/17 9:54 p.m.1433 views

CVE-2022-26352

DotCMS ContentResource API (CVE-2022-26352) vulnerable to arbitrary file upload via POST /api/content in 3.0–22.02. An unsanitized filename in multipart form can cause directory traversal, saving files outside the intended storage. If anonymous content creation is enabled, an attacker could uploa...

9.8CVSS8.6AI score0.91501EPSS
In wildExploits4References3Affected Software1
Rapid7 Blog
Rapid7 Blog
added 2022/06/03 7:35 p.m.64 views

Metasploit Weekly Wrap-Up

Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...

6.5CVSS0.4AI score0.91501EPSS
Exploits13
Packet Storm
Packet Storm
added 2022/06/02 12:0 a.m.341 views

dotCMS Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DotCMS RCE via Arbitrary File Upload.', 'Description' = %q When files are uploaded into dotCMS via the content API, but before they become conten...

8.6AI score0.91501EPSS
Exploits4
Circl
Circl
added 2022/05/04 2:13 p.m.12 views

CVE-2022-26352

creationtimestamp| type| source ---|---|--- 2022-05-04 14:13:23+00:00| seen| https://t.me/thehackernews/2146 2022-06-02 13:52:54+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/dotcmsfileuploadrce.rb 2022-07-03 06:46:51+00:00|...

9.8CVSS7.3AI score0.91501EPSS
In wildExploits4References13
Rows per page
Query Builder