CVE-2022-26352: dotCMS Unrestricted Upload of File Vulnerability
The dotCMS ContentResource API contains an unrestricted upload of file with dangerous type vulnerability that allows directory traversal, so that the uploaded file is saved outside of the intended storage location. Exploitation allows for remote code execution.
- CISA KEV-listed (remediation due 2022-09-15)
- used in ransomware campaigns
- EPSS 94.3% (100.0th percentile)