All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2022-26352
NONEKEVpublish date unavailable
CVSS / 10
// description
dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
// required action (CISA KEV)
Apply updates per vendor instructions.
added 2022-08-25 00:00 UTC