virus logo Intrusion Prevention

DotCMS.API.Content.Arbitrary.File.Upload

description-logoDescription

This indicates an attack attempt to exploit an Arbitrary File Upload Vulnerability in dotCMS.
This vulnerability is due to improper input validation on file names when uploading files through an vulnerable API. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successfully exploiting this vulnerability could result in arbitrary file be saved in target server and lead to remote code execution.

affected-products-logoAffected Products

dotCMS version before 22.03
dotCMS version before 21.06.7
dotCMS version before 5.3.8.10

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.dotcms.com/security/SI-62

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2022-07-19 21.359 Default_action:pass:drop
2022-05-18 20.318

References

https://www.dotcms.com/security/SI-62
ID 51533
Created May 10, 2022
Updated May 08, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2022-26352
Known Exploited Yes
Exploit Prediction Score 97.53%
Default Action drop
Active
Affected OS Windows, Linux, BSD
Affected App Other