Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2022-26352

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.942
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
Proposed Action
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
Ransomware Campaign
Known
Products affected by CVE-2022-26352
  • Dotcms » Dotcms » Version: 20.10.1
    cpe:2.3:a:dotcms:dotcms:20.10.1
  • Dotcms » Dotcms » Version: 20.10.4
    cpe:2.3:a:dotcms:dotcms:20.10.4
  • Dotcms » Dotcms » Version: 20.11
    cpe:2.3:a:dotcms:dotcms:20.11
  • Dotcms » Dotcms » Version: 20.11.1
    cpe:2.3:a:dotcms:dotcms:20.11.1
  • Dotcms » Dotcms » Version: 21.01
    cpe:2.3:a:dotcms:dotcms:21.01
  • Dotcms » Dotcms » Version: 21.02
    cpe:2.3:a:dotcms:dotcms:21.02
  • Dotcms » Dotcms » Version: 21.02.1
    cpe:2.3:a:dotcms:dotcms:21.02.1
  • Dotcms » Dotcms » Version: 21.02.2
    cpe:2.3:a:dotcms:dotcms:21.02.2
  • Dotcms » Dotcms » Version: 21.03
    cpe:2.3:a:dotcms:dotcms:21.03
  • Dotcms » Dotcms » Version: 21.04
    cpe:2.3:a:dotcms:dotcms:21.04
  • Dotcms » Dotcms » Version: 21.05
    cpe:2.3:a:dotcms:dotcms:21.05
  • Dotcms » Dotcms » Version: 21.05.1
    cpe:2.3:a:dotcms:dotcms:21.05.1
  • Dotcms » Dotcms » Version: 21.06
    cpe:2.3:a:dotcms:dotcms:21.06
  • Dotcms » Dotcms » Version: 21.06.1
    cpe:2.3:a:dotcms:dotcms:21.06.1
  • Dotcms » Dotcms » Version: 21.06.10
    cpe:2.3:a:dotcms:dotcms:21.06.10
  • Dotcms » Dotcms » Version: 21.06.12
    cpe:2.3:a:dotcms:dotcms:21.06.12
  • Dotcms » Dotcms » Version: 21.06.13
    cpe:2.3:a:dotcms:dotcms:21.06.13
  • Dotcms » Dotcms » Version: 21.06.14
    cpe:2.3:a:dotcms:dotcms:21.06.14
  • Dotcms » Dotcms » Version: 21.06.3
    cpe:2.3:a:dotcms:dotcms:21.06.3
  • Dotcms » Dotcms » Version: 21.06.4
    cpe:2.3:a:dotcms:dotcms:21.06.4
  • Dotcms » Dotcms » Version: 21.06.5
    cpe:2.3:a:dotcms:dotcms:21.06.5
  • Dotcms » Dotcms » Version: 21.06.6
    cpe:2.3:a:dotcms:dotcms:21.06.6
  • Dotcms » Dotcms » Version: 21.06.7
    cpe:2.3:a:dotcms:dotcms:21.06.7
  • Dotcms » Dotcms » Version: 21.06.8
    cpe:2.3:a:dotcms:dotcms:21.06.8
  • Dotcms » Dotcms » Version: 21.06.9
    cpe:2.3:a:dotcms:dotcms:21.06.9
  • Dotcms » Dotcms » Version: 21.08
    cpe:2.3:a:dotcms:dotcms:21.08
  • Dotcms » Dotcms » Version: 21.09
    cpe:2.3:a:dotcms:dotcms:21.09
  • Dotcms » Dotcms » Version: 21.10
    cpe:2.3:a:dotcms:dotcms:21.10
  • Dotcms » Dotcms » Version: 21.10.1
    cpe:2.3:a:dotcms:dotcms:21.10.1
  • Dotcms » Dotcms » Version: 21.11
    cpe:2.3:a:dotcms:dotcms:21.11
  • Dotcms » Dotcms » Version: 22.01
    cpe:2.3:a:dotcms:dotcms:22.01
  • Dotcms » Dotcms » Version: 22.02
    cpe:2.3:a:dotcms:dotcms:22.02
  • Dotcms » Dotcms » Version: 3.0
    cpe:2.3:a:dotcms:dotcms:3.0
  • Dotcms » Dotcms » Version: 3.0.1
    cpe:2.3:a:dotcms:dotcms:3.0.1
  • Dotcms » Dotcms » Version: 3.1
    cpe:2.3:a:dotcms:dotcms:3.1
  • Dotcms » Dotcms » Version: 3.2
    cpe:2.3:a:dotcms:dotcms:3.2
  • Dotcms » Dotcms » Version: 3.2.1
    cpe:2.3:a:dotcms:dotcms:3.2.1
  • Dotcms » Dotcms » Version: 3.2.2
    cpe:2.3:a:dotcms:dotcms:3.2.2
  • Dotcms » Dotcms » Version: 3.2.3
    cpe:2.3:a:dotcms:dotcms:3.2.3
  • Dotcms » Dotcms » Version: 3.2.4
    cpe:2.3:a:dotcms:dotcms:3.2.4
  • Dotcms » Dotcms » Version: 3.3
    cpe:2.3:a:dotcms:dotcms:3.3
  • Dotcms » Dotcms » Version: 3.3.1
    cpe:2.3:a:dotcms:dotcms:3.3.1
  • Dotcms » Dotcms » Version: 3.3.2
    cpe:2.3:a:dotcms:dotcms:3.3.2
  • Dotcms » Dotcms » Version: 3.5
    cpe:2.3:a:dotcms:dotcms:3.5
  • Dotcms » Dotcms » Version: 3.5.1
    cpe:2.3:a:dotcms:dotcms:3.5.1
  • Dotcms » Dotcms » Version: 3.6.0
    cpe:2.3:a:dotcms:dotcms:3.6.0
  • Dotcms » Dotcms » Version: 3.6.1
    cpe:2.3:a:dotcms:dotcms:3.6.1
  • Dotcms » Dotcms » Version: 3.6.2
    cpe:2.3:a:dotcms:dotcms:3.6.2
  • Dotcms » Dotcms » Version: 3.7.0
    cpe:2.3:a:dotcms:dotcms:3.7.0
  • Dotcms » Dotcms » Version: 3.7.1
    cpe:2.3:a:dotcms:dotcms:3.7.1
  • Dotcms » Dotcms » Version: 3.7.2
    cpe:2.3:a:dotcms:dotcms:3.7.2
  • Dotcms » Dotcms » Version: 4.0.0
    cpe:2.3:a:dotcms:dotcms:4.0.0
  • Dotcms » Dotcms » Version: 4.0.1
    cpe:2.3:a:dotcms:dotcms:4.0.1
  • Dotcms » Dotcms » Version: 4.1.0
    cpe:2.3:a:dotcms:dotcms:4.1.0
  • Dotcms » Dotcms » Version: 4.1.1
    cpe:2.3:a:dotcms:dotcms:4.1.1
  • Dotcms » Dotcms » Version: 4.2.0
    cpe:2.3:a:dotcms:dotcms:4.2.0
  • Dotcms » Dotcms » Version: 4.2.1
    cpe:2.3:a:dotcms:dotcms:4.2.1
  • Dotcms » Dotcms » Version: 4.2.2
    cpe:2.3:a:dotcms:dotcms:4.2.2
  • Dotcms » Dotcms » Version: 4.2.3
    cpe:2.3:a:dotcms:dotcms:4.2.3
  • Dotcms » Dotcms » Version: 4.3.0
    cpe:2.3:a:dotcms:dotcms:4.3.0
  • Dotcms » Dotcms » Version: 4.3.1
    cpe:2.3:a:dotcms:dotcms:4.3.1
  • Dotcms » Dotcms » Version: 4.3.2
    cpe:2.3:a:dotcms:dotcms:4.3.2
  • Dotcms » Dotcms » Version: 4.3.3
    cpe:2.3:a:dotcms:dotcms:4.3.3
  • Dotcms » Dotcms » Version: 4.4.1
    cpe:2.3:a:dotcms:dotcms:4.4.1
  • Dotcms » Dotcms » Version: 5.0.0
    cpe:2.3:a:dotcms:dotcms:5.0.0
  • Dotcms » Dotcms » Version: 5.0.1
    cpe:2.3:a:dotcms:dotcms:5.0.1
  • Dotcms » Dotcms » Version: 5.0.2
    cpe:2.3:a:dotcms:dotcms:5.0.2
  • Dotcms » Dotcms » Version: 5.0.3
    cpe:2.3:a:dotcms:dotcms:5.0.3
  • Dotcms » Dotcms » Version: 5.1.0
    cpe:2.3:a:dotcms:dotcms:5.1.0
  • Dotcms » Dotcms » Version: 5.1.1
    cpe:2.3:a:dotcms:dotcms:5.1.1
  • Dotcms » Dotcms » Version: 5.1.5
    cpe:2.3:a:dotcms:dotcms:5.1.5
  • Dotcms » Dotcms » Version: 5.1.6
    cpe:2.3:a:dotcms:dotcms:5.1.6
  • Dotcms » Dotcms » Version: 5.2.0
    cpe:2.3:a:dotcms:dotcms:5.2.0
  • Dotcms » Dotcms » Version: 5.2.1
    cpe:2.3:a:dotcms:dotcms:5.2.1
  • Dotcms » Dotcms » Version: 5.2.2
    cpe:2.3:a:dotcms:dotcms:5.2.2
  • Dotcms » Dotcms » Version: 5.2.3
    cpe:2.3:a:dotcms:dotcms:5.2.3
  • Dotcms » Dotcms » Version: 5.2.4
    cpe:2.3:a:dotcms:dotcms:5.2.4
  • Dotcms » Dotcms » Version: 5.2.5
    cpe:2.3:a:dotcms:dotcms:5.2.5
  • Dotcms » Dotcms » Version: 5.2.6
    cpe:2.3:a:dotcms:dotcms:5.2.6
  • Dotcms » Dotcms » Version: 5.2.7
    cpe:2.3:a:dotcms:dotcms:5.2.7
  • Dotcms » Dotcms » Version: 5.2.8
    cpe:2.3:a:dotcms:dotcms:5.2.8
  • Dotcms » Dotcms » Version: 5.2.8.1
    cpe:2.3:a:dotcms:dotcms:5.2.8.1
  • Dotcms » Dotcms » Version: 5.2.8.2
    cpe:2.3:a:dotcms:dotcms:5.2.8.2
  • Dotcms » Dotcms » Version: 5.2.8.3
    cpe:2.3:a:dotcms:dotcms:5.2.8.3
  • Dotcms » Dotcms » Version: 5.2.8.4
    cpe:2.3:a:dotcms:dotcms:5.2.8.4
  • Dotcms » Dotcms » Version: 5.3.0
    cpe:2.3:a:dotcms:dotcms:5.3.0
  • Dotcms » Dotcms » Version: 5.3.1
    cpe:2.3:a:dotcms:dotcms:5.3.1
  • Dotcms » Dotcms » Version: 5.3.2
    cpe:2.3:a:dotcms:dotcms:5.3.2
  • Dotcms » Dotcms » Version: 5.3.3
    cpe:2.3:a:dotcms:dotcms:5.3.3
  • Dotcms » Dotcms » Version: 5.3.4
    cpe:2.3:a:dotcms:dotcms:5.3.4
  • Dotcms » Dotcms » Version: 5.3.4.1
    cpe:2.3:a:dotcms:dotcms:5.3.4.1
  • Dotcms » Dotcms » Version: 5.3.5
    cpe:2.3:a:dotcms:dotcms:5.3.5
  • Dotcms » Dotcms » Version: 5.3.6
    cpe:2.3:a:dotcms:dotcms:5.3.6
  • Dotcms » Dotcms » Version: 5.3.6.1
    cpe:2.3:a:dotcms:dotcms:5.3.6.1
  • Dotcms » Dotcms » Version: 5.3.7
    cpe:2.3:a:dotcms:dotcms:5.3.7
  • Dotcms » Dotcms » Version: 5.3.7.1
    cpe:2.3:a:dotcms:dotcms:5.3.7.1
  • Dotcms » Dotcms » Version: 5.3.8
    cpe:2.3:a:dotcms:dotcms:5.3.8
  • Dotcms » Dotcms » Version: 5.3.8.1
    cpe:2.3:a:dotcms:dotcms:5.3.8.1
  • Dotcms » Dotcms » Version: 5.3.8.10
    cpe:2.3:a:dotcms:dotcms:5.3.8.10
  • Dotcms » Dotcms » Version: 5.3.8.11
    cpe:2.3:a:dotcms:dotcms:5.3.8.11
  • Dotcms » Dotcms » Version: 5.3.8.12
    cpe:2.3:a:dotcms:dotcms:5.3.8.12
  • Dotcms » Dotcms » Version: 5.3.8.13
    cpe:2.3:a:dotcms:dotcms:5.3.8.13
  • Dotcms » Dotcms » Version: 5.3.8.14
    cpe:2.3:a:dotcms:dotcms:5.3.8.14
  • Dotcms » Dotcms » Version: 5.3.8.2
    cpe:2.3:a:dotcms:dotcms:5.3.8.2
  • Dotcms » Dotcms » Version: 5.3.8.3
    cpe:2.3:a:dotcms:dotcms:5.3.8.3
  • Dotcms » Dotcms » Version: 5.3.8.4
    cpe:2.3:a:dotcms:dotcms:5.3.8.4
  • Dotcms » Dotcms » Version: 5.3.8.5
    cpe:2.3:a:dotcms:dotcms:5.3.8.5
  • Dotcms » Dotcms » Version: 5.3.8.6
    cpe:2.3:a:dotcms:dotcms:5.3.8.6
  • Dotcms » Dotcms » Version: 5.3.8.6.1
    cpe:2.3:a:dotcms:dotcms:5.3.8.6.1
  • Dotcms » Dotcms » Version: 5.3.8.6.2
    cpe:2.3:a:dotcms:dotcms:5.3.8.6.2
  • Dotcms » Dotcms » Version: 5.3.8.7
    cpe:2.3:a:dotcms:dotcms:5.3.8.7
  • Dotcms » Dotcms » Version: 5.3.8.8
    cpe:2.3:a:dotcms:dotcms:5.3.8.8
  • Dotcms » Dotcms » Version: 5.3.8.9
    cpe:2.3:a:dotcms:dotcms:5.3.8.9
  • Dotcms » Dotcms » Version: 5.3.9
    cpe:2.3:a:dotcms:dotcms:5.3.9


Products
Pricing
Contact Us

Shodan ® - All rights reserved