CVE-2022-26352 — Actively Exploited: dotCMS (dotCMS)
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
| CVE ID | CVE-2022-26352 |
|---|---|
| Vendor | dotCMS |
| Product | dotCMS |
| Vulnerability name | dotCMS Unrestricted Upload of File Vulnerability |
| Date added | 2022-08-25 |
| Remediation due | 2022-09-15 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →