
10 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-12314

Malware in sbrugna...

CVSS 6.5, AI score 7.2, EPSS 0.01674
Exploits 0, References 3
ripstech
added 2019/06/25 11:0 a.m., 130 views

dotCMS 5.1.5: Exploiting H2 SQL injection to RCE

Impact The SQL injection vulnerability can be exploited as an unauthenticated attacker via CSRF or as a user of the role Publisher. An attacker is able to execute stacked SQL queries which means it is possible to manipulate arbitrary database entries and even execute shell commands when the H2...

AI score 8.8
Exploits 0
CNVD
added 2018/08/09 12:0 a.m., 3 views

dotCMS path traversal vulnerability (CNVD-2019-21131)

dotCMS is a content management system (CMS) from the American company dotCMS. A path traversal vulnerability exists in the Push Publishing feature of the admin panel in dotCMS 3.7.1 and earlier versions, which stems from the failure of the program to properly validate the 'Bundle' tar.gz archive fi...

CVSS 6.5, AI score 7.4, EPSS 0.01674
Exploits 0, References 1
CNVD
added 2018/08/09 12:0 a.m., 2 views

dotCMS arbitrary file upload vulnerability (CNVD-2019-21130)

dotCMS is a content management system (CMS) from the American company dotCMS. An arbitrary file upload vulnerability exists in the Push Publishing feature in the administration panel of dotCMS 3.7.1 and prior versions, which originates when extracting the 'Bundle' tar.gz archive file uploaded to th...

CVSS 9.3, AI score 8.4, EPSS 0.06805
Exploits 0, References 1
Prion
added 2018/07/24 3:29 p.m., 13 views

Path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

CVSS 4, AI score 7.7, EPSS 0.01674
Exploits 0, References 3, Affected Software 1
NVD
added 2018/07/24 3:29 p.m., 9 views

CVE-2017-3188

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

CVSS 6.5, AI score 7.6, EPSS 0.01674
Exploits 0, References 3
Cvelist
added 2018/07/24 3:0 p.m., 9 views

CVE-2017-3188 The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, the filenames of its contents are not properly checked, allowing for...

AI score 7.7, EPSS 0.01674
Exploits 0, References 2
CVE
added 2018/07/24 3:0 p.m., 51 views

CVE-2017-3188

The CVE-2017-3188 entry concerns dotCMS administration panel versions 3.7.1 and earlier, where the Push Publishing feature (Enterprise Pro) is vulnerable to path traversal. When tar.gz bundles are decompressed, filenames aren’t properly validated, allowing writing files to arbitrary directories o...

CVSS 6.5, AI score 7.5, EPSS 0.01674
Exploits 0, References 3, Affected Software 1
CVE
added 2018/07/24 3:0 p.m., 39 views

CVE-2017-3189

dotCMS 3.7.1 and earlier, in Enterprise Pro, is vulnerable in the Push Publishing feature where uploaded Bundle tar.gz archives are decompressed without validation of file types. This leads to a path traversal issue (CVE-2017-3188) and, when combined, enables remote command execution with the per...

CVSS 9.3, AI score 7.7, EPSS 0.06805
Exploits 0, References 2, Affected Software 1
Cvelist
added 2018/07/24 3:0 p.m., 17 views

CVE-2017-3189 The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload

The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on the types of files which the bundle...

AI score 7.8, EPSS 0.06805
Exploits 0, References 2