Directory Traversal Vulnerability in dotCMS by dotCMS
CVE-2020-6754
What is CVE-2020-6754?
A vulnerability in dotCMS before version 5.2.4 allows directory traversal, potentially permitting unauthorized access to system files within the $TOMCAT_HOME/webapps/ROOT/assets directory, which should be secured. An attacker could exploit this flaw to read sensitive files or execute code due to improper access controls. The vulnerability also facilitates the uploading of temporary files, such as .jsp files, into the /webapps/ROOT/assets/tmp_upload directory, creating a risk for remote command execution with the permissions of the user running the dotCMS application.

References
EPSS Score
75% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved
