DotCMS 漏洞列表
共找到 7 个与 DotCMS 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2022-26352: DotCMS Arbitrary File Upload POC
There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions. app="DotCMS" -
CVE-2018-17422: DotCMS < 5.0.2 - Open Redirect POC
dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. -
CVE-2022-26352: DotCMS - Arbitrary File Upload POC
DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions. -
dotCMS任意文件上传(CVE-2022-26352) 无POC
dotCMS是一个100%免费基于J2EE/portal的内容管理系统,它有着许多吸引人的特性是其它许多CMS所没有的。该系统存在任意文件上传漏洞,攻击者可以直接获取服务器权限。 -
DotCMS processFile CVE-2022-26352 目录遍历漏洞 无POC
DotCMS存在目录遍历漏洞。此漏洞是由于对外部输入的文件名缺乏校验导致的。 -
dotCMS _fixconflictsfromremote目录遍历漏洞 无POC
-
dotCMS api/content 任意文件上传漏洞 无POC
dotCMS 是一个Java开发的开源且跨平台的功能强大的内容管理系统(CMS)。CVE-2022-26352 中由于 api/content 路径存在未授权文件上传漏洞,攻击者可构造恶意请求上传webshell,从而执行任意代码,控制服务器。