HomePentest-Tools.com Logo

DotCMS - Remote Code Execution (CVE-2022-26352)

Severity
CVSSv3 Score
9.8
Vulnerability description

DotCMS is affected by a Remote Code Execution vulnerability affecting the DotCMS system. The root cause of this vulnerability consists in improper sanitization of the filename passed in via the multipart request header when a file is uploaded into DotCMS via the content API. This allows a specially crafted request to POST files to dotCMS via the ContentResource (POST /api/content) that get written outside of the dotCMS temp directory. An attacker can upload a special .jsp file to the webapp/ROOT directory of dotCMS which can allow for Remote Code Execution.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Upgrade the DotCMS to the latest version.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
Yes
Vuln date
Mar 2022
Published at
Updated at
Software Type
CMS
Vendor
DotCMS
Product
DotCMS