Critical RCE Bug Reported in dotCMS Content Management Software

4 May 2022

A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in Java and “used by over 10,000 clients in over 70 countries around the globe, from Fortune 500 brands and mid-sized businesses.” The critical flaw, tracked as CVE-2022-26352, stems from a directory traversal attack when performing file uploads, enabling an adversary to execute arbitrary commands on the underlying system.

Read full article on The Hacker News

Date:

4 May 2022

Categorie(s):

NEWS

Tag(s):

Bug, Content Management, Critical, IT, Softwares

CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers24 April 2024
GenAI can enhance security awareness training24 April 2024
AI set to play key role in future phishing attacks24 April 2024
Cybersecurity jobs available right now: April 24, 202424 April 2024
The relationship between cybersecurity and work tech innovation24 April 2024