Description
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
References (2)
Core 2
Core References
Exploit, Mitigation, Vendor Advisory x_refsource_confirm
https://dotcms.com/security/SI-54
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/dotCMS/core/issues/17796
Scores
CVSS v3
9.8
EPSS
0.7349
EPSS Percentile
98.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
CWE-434
Status
published
Products (1)
dotcms/dotcms
< 5.2.4
Published
Feb 05, 2020
Tracked Since
Feb 18, 2026