CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.

Published: Jul 18, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-26352
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-22
CWE-434

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
dotcms / dotcms	3.0	22.02.x

http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html
https://groups.google.com/g/dotcms

Vulnerability Database

CVE-2022-26352

Deep Security Visibility Without the Complexity