Attacker Value: Very High (1 user assessed)
Exploitability: High (1 user assessed)
User Interaction: Unknown
Privileges Required: Unknown
Attack Vector: Unknown

CVE-2020-26352

Disclosure Date: December 02, 2022

Description

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.

Ratings
  • Attacker Value
    Very High
  • Exploitability
    High
Technical Analysis

CVE-2020-26352 is an unauthenticated directory traversal vulnerability in dotCMS which allows for arbitrary file upload and effectively RCE.

When files are uploaded to dotCMS via the file upload API, before the file becomes content, dotCMS writes the file down in a temporary directory. The vulnerability lies in the fact that dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temporary file’s name. This allows an attacker to craft a request to POST files to dotCMS via the ContentResource API that get written outside of the dotCMS temporary directory. An attacker can upload a specially crafted .jsp file to the webapp/ROOT directory of dotCMS which can allow for remote code execution.

A Metasploit module is available and easy to use. If you have an internet-facing dotCMS instance running, make sure it’s patched!
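
The flaw class described in the assessment above, shown from the defensive side as an added example (not part of the assessment and not dotCMS code): a client-supplied multipart filename joined directly to a temp directory, next to a resolver that accepts a single path component and checks containment. The class name, method names and sample filenames are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; class and method names are hypothetical, not dotCMS code.
public class TempUploadPath {

    // Pattern described above: the client filename is joined to the temp dir as-is.
    static Path naiveResolve(Path tempDir, String clientName) {
        return tempDir.resolve(clientName).normalize();
    }

    // Hardened: accept a single path component only, then verify containment.
    static Path safeResolve(Path tempDir, String clientName) throws IOException {
        if (clientName == null || clientName.isEmpty()
                || clientName.indexOf('\0') >= 0
                || clientName.indexOf('/') >= 0 || clientName.indexOf('\\') >= 0
                || clientName.equals(".") || clientName.equals("..")) {
            throw new IOException("rejected filename");
        }
        Path root = tempDir.toRealPath();
        Path target = root.resolve(clientName).normalize();
        // Defence in depth: the parent of the result must be the temp dir itself.
        if (!root.equals(target.getParent())) {
            throw new IOException("path escapes temp directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path tempDir = Files.createTempDirectory("upload-demo").toRealPath();
        // Constructed sample filenames, not taken from a real request.
        String[] names = {"report.pdf", "../../outside/page.jsp", "..\\page.jsp", ".."};
        for (String name : names) {
            boolean naiveInside = naiveResolve(tempDir, name).startsWith(tempDir)
                    && !naiveResolve(tempDir, name).equals(tempDir);
            String safe;
            try {
                safe = "accepted as " + safeResolve(tempDir, name).getFileName();
            } catch (IOException e) {
                safe = e.getMessage();
            }
            System.out.printf("%-26s naive stays in temp dir: %-5b hardened: %s%n",
                    name, naiveInside, safe);
        }
        Files.delete(tempDir);
    }
}
```

The backslash case is rejected even on servers where `\` is not a path separator, so the same filename policy holds across operating systems.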

CVSS V3 Severity and Metrics

Base Score: None
Impact Score: Unknown
Exploitability Score: Unknown
Vector: Unknown
Attack Vector (AV): Unknown
Attack Complexity (AC): Unknown
Privileges Required (PR): Unknown
User Interaction (UI): Unknown
Scope (S): Unknown
Confidentiality (C): Unknown
Integrity (I): Unknown
Availability (A): Unknown
