THREATOPS
THREAT OPSCVEs › CVE-2022-26352

CVE-2022-26352 — dotCMS Unrestricted Upload of File Vulnerability

CISA KEVExploited: confirmeddotCMS

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

Vulnerability details