Описание
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
Комментарий
In order to exploit this vulnerability to execute arbitrary code, the attacker would first be required to upload a malicious file or inject arbitrary commands into an existing file.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:dotcms:dotcms:1.6.0.9:*:*:*:*:*:*:*
EPSS
Процентиль: 87%
0.03365
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
EPSS
Процентиль: 87%
0.03365
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-22