A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and "used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses."
The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an adversary to execute arbitrary commands on the underlying system.
"An attacker can upload arbitrary files to the system," Shubham Shah of Assetnote said in a report. "By uploading a JSP file to the tomcat's root directory, it is possible to achieve code execution, leading to command execution."
In other words, the arbitrary file upload flaw can be abused to replace already existing files in the system with a web shell, which can then be used to gain persistent remote access.
Although the exploit made it possible to write to arbitrary JavaScript files being served by the application, the researchers said the nature of the bug was such that it could be weaponized to gain command execution.
Assetnote said it discovered and reported the flaw on February 21, 2022, following which patches have been released in versions 22.03, 5.3.8.10, and 21.06.7.
"When files are uploaded into dotCMS via the content API, but before they become content, dotCMS writes the file down in a temp directory," the company said. "In the case of this vulnerability, dotCMS does not sanitize the filename passed in via the multipart request header and thus does not sanitize the temp file's name."
"In the case of this exploit, an attacker can upload a special .jsp file to the webapp/ROOT directory of dotCMS which can allow for remote code execution," it said.
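The root cause described above is a temp-file name taken verbatim from the multipart header. The following is an added illustration, not dotCMS's own code: a naive path join that lets a traversal filename land in the served webapp directory, next to a hardened version that keeps only the final path component, whitelists its characters, refuses server-executable extensions, and checks that the resolved path stays inside the staging directory. The directory layout and function names are assumptions for the example.

```python
import os
import re
from pathlib import Path, PurePosixPath

# Hypothetical layout standing in for the Tomcat deployment described above.
TEMP_DIR = Path("/opt/dotcms/temp")            # upload staging directory
WEBAPP_ROOT = Path("/opt/dotcms/webapp/ROOT")  # served by Tomcat

_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,255}$")
_BLOCKED_EXT = {".jsp", ".jspx", ".war"}  # executed by Tomcat if written under webapp


def vulnerable_temp_path(tmp_dir: Path, header_filename: str) -> Path:
    """Before: the multipart filename is joined unchanged, so '../' segments
    escape the temp directory (the pattern the advisory describes)."""
    return Path(os.path.normpath(os.path.join(str(tmp_dir), header_filename)))


def hardened_temp_path(tmp_dir: Path, header_filename: str) -> Path:
    """After: basename only, character whitelist, extension deny-list,
    and a containment check on the resolved path."""
    # Drop any directory part, whether POSIX or Windows separators were used.
    name = header_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if name in ("", ".", "..") or not _SAFE_NAME.match(name):
        raise ValueError(f"rejected filename: {header_filename!r}")
    if PurePosixPath(name).suffix.lower() in _BLOCKED_EXT:
        raise ValueError(f"rejected server-executable upload: {name!r}")
    candidate = (tmp_dir / name).resolve()
    # The resolved path must sit strictly under the staging directory.
    if tmp_dir.resolve() not in candidate.parents:
        raise ValueError("path escapes temp directory")
    return candidate


def escapes_temp_dir(path: Path, tmp_dir: Path = TEMP_DIR) -> bool:
    """True when a computed path would land outside the staging directory."""
    return tmp_dir.resolve() not in path.resolve().parents


def upload_allowed(header_filename: str, tmp_dir: Path = TEMP_DIR) -> bool:
    """Convenience predicate: does the hardened handler accept this name?"""
    try:
        hardened_temp_path(tmp_dir, header_filename)
    except ValueError:
        return False
    return True
```

With the constructed name `../webapp/ROOT/shell.jsp`, the naive join resolves to a path under `webapp/ROOT`, while the hardened handler rejects it.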
Some parts of this article are sourced from:
thehackernews.com