CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...
CVE-2022-26352
DotCMS ContentResource API (CVE-2022-26352) vulnerable to arbitrary file upload via POST /api/content in 3.0–22.02. An unsanitized filename in multipart form can cause directory traversal, saving files outside the intended storage. If anonymous content creation is enabled, an attacker could uploa...
VulnCheck KEV: CVE-2022-26352
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution...
PT-2022-5116 · Unknown · Dotcms Core
Name of the Vulnerable Software and Affected Versions: dotCMS Core versions through 22.06. Description: The issue is related to a Reflected Cross-site scripting (XSS) problem in the admin portal of dotCMS Core. This occurs when the configuration has XSS_PROTECTION_ENABLED set to false. The...
Metasploit Weekly Wrap-Up
Ask and you may receive Module suggestions for the win, this week we see a new module written by jheysel-r7 based on CVE-2022-26352 that happens to have been suggested by jvoisin in the issue queue last month. This module targets an arbitrary file upload in dotCMS versions before 22.03, 5.3.8.10,...
DotCMS RCE via Arbitrary File Upload.
When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temp directory. In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temp file's...
dotCMS Shell Upload Exploit
When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temporary directory. In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the tempora...
dotCMS Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DotCMS RCE via Arbitrary File Upload.', 'Description' = %q When files are uploaded into dotCMS via the content API, but before they become conten...
dotCMS security vulnerability
dotCMS is a content management system (CMS) from the US company dotCMS. The system supports modules such as RSS feeds, blogs, and forums, and is easy to extend and build. A security vulnerability exists in dotCMS that stems from the fact that dotCMS does not sanitize temporary file names. An...
dotCMS allows remote authenticated users to execute arbitrary Java code
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...
GHSA-42VG-Q6MW-CFH5 dotCMS allows remote authenticated users to execute arbitrary Java code
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template...
A vulnerability in the dotCMS content management system stems from improper limitation of a pathname to a restricted directory, allowing attackers to execute arbitrary code.
The vulnerability in the dotCMS content management system is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted requests to POST files...
Critical RCE Bug Reported in dotCMS Content Management Software
A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses." The critical flaw, tracked as...
PT-2022-2512 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS versions 3.0 through 22.02 Description: An issue was discovered in the ContentResource API, allowing attackers to craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal,...
in dotcms/core
Description: Hello, dotCMS has an XXE vulnerability in the template design page. To exploit this flaw, an attacker needs the permission to edit and preview templates, and this can be abused to read internal files. Video PoC: This section of the documentation explains how to use the XMLTool in the...
Server-Side Request Forgery (SSRF) in dotcms/core
Description: Hi team, I found an SSRF that allows me to access the Elasticsearch API and get the full response from the queries - As can be read in the following link, dotCMS uses Elasticsearch; with this SSRF we can directly access the Elasticsearch REST API, - In a cloud environment, it can be possible to...
dotCMS file upload vulnerability
dotCMS is a powerful Java-based content management system (CMS). dotCMS 5.2.3 and earlier versions are vulnerable to file uploads. A remote attacker can exploit this vulnerability to execute arbitrary code via /src/main/java/com/dotmarketing/filters/CMSFilter.java...
CVE-2020-19138
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"...