in ,

Hacking a Bank by Finding a 0day in DotCMS

A pre-auth remote code execution vulnerability was found in DotCMS which was achievable by performing a directory traversal attack during file upload. This vulnerability ultimately allows attacker to execute arbitrary commands on the underlying system.

This vulnerability is exploitable with the default configuration of DotCMS and was tested on version 22.01.

The CVE for this issue is CVE-2022-26352. The advisory from DotCMS can be found here.

Posted by SH

Leave a Reply

Exit mobile version