N/A

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.

N/A

N/A

dotCMS 安全漏洞

dotCMS是美国dotCMS公司的一套内容管理系统（CMS）。该系统支持RSS订阅、博客、论坛等模块，并具有易于扩展和构建的特点。 dotCMS存在安全漏洞，该漏洞源于dotCMS不会清理临时文件名。攻击者利用该漏洞使用特制的请求，通过在dotCMS临时目录外写入的ContentResource API将文件发布到dotCMS。

N/A

N/A