Arbitrary File Upload Vulnerability in dotCMS by dotCMS
CVE-2017-11466

7.2HIGH

Key Information:

Vendor

Dotcms

Status
Dotcms
Vendor
CVE Published:
20 July 2017

What is CVE-2017-11466?

An arbitrary file upload vulnerability exists in dotCMS version 4.1.1, specifically within the AjaxFileUploadServlet class. This vulnerability allows remote authenticated administrators to exploit directory traversal sequences in the fieldName parameter when uploading files, potentially enabling the upload of malicious .jsp files to unauthorized locations. Upon successful uploading, these files can be executed via direct access at designated URIs, posing a significant risk for arbitrary code execution and system compromise.

References

http://seclists.org/fulldisclosure/2017/Jul/33
x_refsource_MISC
https://github.com/dotCMS/core/issues/12131
x_refsource_MISC
https://packetstormsecurity.com/files/143383/dotcms411-sh...
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.