DotCMS 3.x < 5.3.8.10 / 21.x < 21.06.7 / 22.x < 22.03 Remote Code Execution

critical Web App Scanning Plugin ID 113336

Synopsis

DotCMS 3.x < 5.3.8.10 / 21.x < 21.06.7 / 22.x < 22.03 Remote Code Execution

Description

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
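The server-side check that this class of bug calls for, as an added example (it is not dotCMS code and not the vendor's patch): reduce the client-supplied multipart filename to its last component, allow only known extensions, and confirm the normalized target stays inside the storage directory. The names `SafeUploadPath`, `resolveUpload` and `ALLOWED_EXT`, the extension list and the sample filenames are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Set;

public class SafeUploadPath {
    // Assumption: the application only needs these upload types; anything else (.jsp included) is refused.
    private static final Set<String> ALLOWED_EXT = Set.of("pdf", "png", "jpg", "txt");

    /** Returns the path to write to, or throws if the client-supplied name is unsafe. */
    static Path resolveUpload(Path storageRoot, String clientFilename) throws IOException {
        if (clientFilename == null || clientFilename.isEmpty() || clientFilename.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed filename");
        }
        // Keep only the last path component; treat both '/' and '\' as separators on every OS.
        String leaf = clientFilename.substring(
                Math.max(clientFilename.lastIndexOf('/'), clientFilename.lastIndexOf('\\')) + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("filename has no usable leaf component");
        }
        int dot = leaf.lastIndexOf('.');
        String ext = dot < 0 ? "" : leaf.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) {
            throw new IOException("extension not allowed: '" + ext + "'");
        }
        // Defence in depth: the normalized target must still be inside the storage root.
        Path root = storageRoot.toAbsolutePath().normalize();
        Path target = root.resolve(leaf).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("resolved path escapes storage root");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads"); // constructed storage directory
        // Constructed sample filenames, as they might arrive in a multipart Content-Disposition header.
        String[] samples = {"report.pdf", "../../outside/x.jsp", "..\\..\\x.JSP", "..", "a/b/notes.txt"};
        for (String name : samples) {
            try {
                System.out.println(name + " -> " + resolveUpload(root, name).getFileName());
            } catch (IOException e) {
                System.out.println(name + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Storing uploads outside any directory the servlet container serves or compiles from means that a file which slips past such a check still cannot be executed as a JSP.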

Solution

Upgrade to DotCMS 22.03, 5.3.8.10, 21.06.7 or later.

See Also

https://www.dotcms.com/security/SI-62

Plugin Details

Severity: Critical

ID: 113336

Type: remote

Published: 9/6/2022

Updated: 9/6/2022

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2022-26352

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: CVE-2022-26352

Vulnerability Information

CPE: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2022

Vulnerability Publication Date: 7/17/2022

CISA Known Exploited Vulnerability Due Dates: 9/15/2022

Reference Information

CVE: CVE-2022-26352