DotCMS - Remote Code Execution (CVE-2022-26352)

DotCMS is affected by a Remote Code Execution vulnerability affecting the DotCMS system. The root cause of this vulnerability consists in improper sanitization of the filename passed in via the multipart request header when a file is uploaded into DotCMS via the content API. This allows a specially crafted request to POST files to dotCMS via the ContentResource (POST /api/content) that get written outside of the dotCMS temp directory. An attacker can upload a special .jsp file to the webapp/ROOT directory of dotCMS which can allow for Remote Code Execution.

The risk exists that a remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware, or pivot to the internal network.

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Upgrade the DotCMS to the latest version.

https://nvd.nist.gov/vuln/detail/CVE-2022-26352

https://www.dotcms.com/security/SI-62