CVE-2020-26352
Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
Ratings
- Attacker Value: Very High
- Exploitability: High
Technical Analysis
CVE-2020-26352 is an unauthenticated directory traversal vulnerability in dotCMS which allows for arbitrary file upload and effectively RCE.
When files are uploaded to dotCMS via the file upload API, before the file becomes content, dotCMS writes the file down in a temporary directory. The vulnerability lies in the fact that dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temporary file’s name. This allows an attacker to craft a request to POST files to dotCMS via the ContentResource API that get written outside of the dotCMS temporary directory. An attacker can upload a specially crafted .jsp file to the webapp/ROOT directory of dotCMS which can allow for remote code execution.
A Metasploit module is available and easy to use. If you have an internet-facing dotCMS instance running, make sure it’s patched!
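The missing check described in the assessment above, as an added example (not dotCMS code and not part of the original assessment): a client-supplied multipart filename is validated and confined to the temporary directory before anything is written. The class name, method name and sample filenames are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class SafeTempUpload {

    // Resolve a client-supplied multipart filename inside tempDir, or throw.
    static Path resolveInside(Path tempDir, String clientFilename) throws IOException {
        if (clientFilename == null || clientFilename.isEmpty()) {
            throw new IOException("missing filename");
        }
        // Reject separators, NUL and dot-only names outright instead of trying to clean them.
        if (clientFilename.indexOf('/') >= 0 || clientFilename.indexOf('\\') >= 0
                || clientFilename.indexOf('\0') >= 0
                || clientFilename.equals(".") || clientFilename.equals("..")) {
            throw new IOException("illegal filename: " + clientFilename);
        }
        Path base = tempDir.toRealPath(); // canonical form, symlinks resolved
        Path target;
        try {
            target = base.resolve(clientFilename).normalize();
        } catch (InvalidPathException e) {
            throw new IOException("unparseable filename: " + clientFilename, e);
        }
        // Defence in depth: the normalized target must still sit under the temp directory.
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IOException("filename escapes temp directory: " + clientFilename);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path tempDir = Files.createTempDirectory("upload-demo");
        // Constructed sample filenames, not taken from any real request.
        String[] samples = { "report.pdf", "../../outside/x.jsp", "..\\x.jsp", "a/b.txt", ".." };
        for (String name : samples) {
            try {
                System.out.println("accepted -> " + resolveInside(tempDir, name));
            } catch (IOException e) {
                System.out.println("rejected -> " + e.getMessage());
            }
        }
    }
}
```

Only the first sample is accepted; the rest are rejected before any file is created. Keeping the temporary directory outside the web root adds a second barrier, since a stray file there is never served or compiled as a JSP.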