← ExploitWatch
HomeExploited Vulnerabilities

CVE-2022-26352 — Actively Exploited: dotCMS (dotCMS)

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

CVE IDCVE-2022-26352
VendordotCMS
ProductdotCMS
Vulnerability namedotCMS Unrestricted Upload of File Vulnerability
Date added2022-08-25
Remediation due2022-09-15
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptiondotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →