CVE-2022-26352

CRITICAL KEV RANSOMWARE NUCLEI

dotCMS 3.0-22.02 - Path Traversal

Title source: llm

Description

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Shubham Shah, Hussein Daher, jheysel-r7 · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/dotcms_file_upload_rce.rb

View Code ZIP pw:eip

Nuclei Templates (1)

DotCMS - Arbitrary File Upload

CRITICALby h1ei1

Shodan: http.title:"dotcms"

FOFA: title="dotcms"

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html

[Permissions Required, Third Party Advisory] https://groups.google.com/g/dotcms

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26352

Scores

CVSS v3 9.8

EPSS 0.9431

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-08-25

VulnCheck KEV 2022-07-14

InTheWild.io 2022-08-25

ENISA EUVD EUVD-2022-30911

Ransomware Use Confirmed

Status published

Products (1)

dotcms/dotcms 3.0 - 22.02

Published Jul 17, 2022

KEV Added Aug 25, 2022

Tracked Since Feb 18, 2026