Lucene search
MitreCVELIST:CVE-2022-26352HistoryJul 17, 2022 - 9:54 p.m.
CVE-2022-26352
2022-07-1721:54:53
mitre
www.cve.org
5
dotcms
contentresource api
unauthenticated
remote code execution
directory traversal
multipart form request
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Related
cisa_kev
cisa_kev
dotCMS Unrestricted Upload of File Vulnerability
2022-08-25 00:00:00
nvd
nvd
CVE-2022-26352
2022-07-17 22:15:08
thn
thn
Critical RCE Bug Reported in dotCMS Content Management Software
2022-05-04 12:05:00
North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
2022-07-15 10:22:00
CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog
2022-08-29 04:23:00
cve
cve
CVE-2022-26352
2022-07-17 22:15:08
nuclei
nuclei
DotCMS - Arbitrary File Upload
2022-05-05 16:40:02
mmpc
mmpc
zdt
zdt
dotCMS Shell Upload Exploit
2022-06-02 00:00:00
mssecure
mssecure
prion
prion
Directory traversal
2022-07-17 22:15:00
packetstorm
packetstorm
dotCMS Shell Upload
2022-06-02 00:00:00
metasploit
metasploit
DotCMS RCE via Arbitrary File Upload.
2022-05-19 13:37:48
osv
osv
CVE-2022-26352
2022-07-17 22:15:08
attackerkb
attackerkb
CVE-2022-26352
2022-07-17 00:00:00
checkpoint_advisories
checkpoint_advisories
dotCMS Arbitrary File Upload (CVE-2022-26352; CVE-2018-5445)
2022-08-16 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-06-03 19:35:44