CVE-2022-26352CISA KEV: Actively Exploited

dotCMS Unrestricted Upload of File Vulnerability

Published Aug 25, 2022·Updated Aug 25, 2022

Description

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free