qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/dotCMS-content-Arbitrary-Fi...

65 lines
3.8 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "dotCMS content Arbitrary File Upload (CVE-2022-26352)",
"Description": "<p>Dotcms dotCMS is a set of content management system (CMS) of American dotCMS (Dotcms) company. The system supports RSS feeds, blogs, forums and other modules, and is easy to expand and build.</p><p>There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.</p>",
"Product": "dotCMS",
"Homepage": "https://www.dotcms.com/",
"DisclosureDate": "2022-05-05",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"DotCMS\"",
"GobyQuery": "body=\"DotCMS\"",
"Level": "3",
"Impact": "<p>There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.dotcms.com/\">https://www.dotcms.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p>",
"Translation": {
"CN": {
"Name": "dotCMS 管理系统 content 任意文件上传漏洞CVE-2022-26352",
"VulType": ["任意文件上传"],
"Tags": ["任意文件上传"],
"Description": "<p>Dotcms dotCMS是美国dotCMSDotcms公司的一套内容管理系统CMS。该系统支持RSS订阅、博客、论坛等模块并具有易于扩展和构建的特点。</p><p>DotCMS管理系统 /api/content/路径存在任意文件上传漏洞,攻击者可上传恶意木马,获取服务器权限。</p>",
"Impact": "<p>DotCMS管理系统 /api/content/路径存在任意文件上传漏洞,攻击者可上传恶意木马,获取服务器权限。</p>",
"Product": "dotCMS",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.dotcms.com/\">https://www.dotcms.com/</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p>"
},
"EN": {
"Name": "dotCMS content Arbitrary File Upload (CVE-2022-26352)",
"VulType": ["Arbitrary File Upload"],
"Tags": ["Arbitrary File Upload"],
"Description": "<p>Dotcms dotCMS is a set of content management system (CMS) of American dotCMS (Dotcms) company. The system supports RSS feeds, blogs, forums and other modules, and is easy to expand and build.</p><p>There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.</p>",
"Impact": "<p>There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.</p>",
"Product": "dotCMS",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.dotcms.com/\">https://www.dotcms.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p>"
}
},
"References": [
"https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/"
],
"HasExp": true,
"ExpParams": [
{
"name": "path",
"type": "input",
"value": "../../../../../../../../../srv/dotserver/tomcat-9.0.41/webapps/ROOT/"
},
{
"name": "cmd",
"type": "input",
"value": "whoami"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"Arbitrary File Upload"
],
"VulType": ["Arbitrary File Upload"],
"CVEIDs": ["CVE-2022-26352"],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service":null,
"System": null,
"Hardware": null
}
}
Reference in New Issue View Git Blame Copy Permalink