Hacking a Bank by Finding a 0day in DotCMS

A pre-auth remote code execution vulnerability was found in DotCMS, reachable by performing a directory traversal attack during file upload. This vulnerability ultimately allows an attacker to execute arbitrary commands on the underlying system.

This vulnerability is exploitable with the default configuration of DotCMS and was tested on version 22.01.

The CVE for this issue is CVE-2022-26352. The advisory from DotCMS can be found here.
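For defenders reviewing upload handlers for this class of bug, the following added example (not code from this post or from DotCMS) shows one way to confine a client-supplied file name to the upload directory before anything is written. The class and method names are hypothetical and the sample file names are constructed.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeUpload {
    // Map a client-supplied file name to a path directly inside baseDir, or throw.
    static Path resolveUpload(Path baseDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty() || clientName.indexOf('\0') >= 0) {
            throw new IOException("empty or malformed file name");
        }
        // Reject both separator styles regardless of host OS, so a name can never
        // address a directory; rejecting (not stripping) leaves a signal to log.
        if (clientName.indexOf('/') >= 0 || clientName.indexOf('\\') >= 0
                || clientName.equals(".") || clientName.equals("..")) {
            throw new IOException("path components not allowed in file name");
        }
        Path base = baseDir.toRealPath();                 // canonical form, symlinks resolved
        Path target = base.resolve(clientName).normalize();
        // Defence in depth: the result must be a direct child of the upload directory.
        if (!base.equals(target.getParent())) {
            throw new IOException("file name escapes upload directory");
        }
        return target;
    }

    static Path store(Path baseDir, String clientName, InputStream body) throws IOException {
        Path target = resolveUpload(baseDir, clientName);
        Files.copy(body, target);                         // no REPLACE_EXISTING: never overwrite
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("upload-demo");
        // Constructed sample names, as they might arrive in a multipart filename field.
        String[] names = {"report.pdf", "../../outside.txt", "..\\outside.txt", "..", "a/b.txt"};
        for (String name : names) {
            try {
                Path p = store(base, name, new ByteArrayInputStream(new byte[] {1, 2, 3}));
                System.out.println("stored   " + name + " -> " + p.getFileName());
            } catch (IOException e) {
                System.out.println("rejected " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only `report.pdf` is stored; the other four names are rejected before any file is created.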

Posted by SH
