Enhancement: cves/2022/CVE-2022-26352.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-19 12:50:07 -04:00
parent 99c1d1fa33
commit 04ba7d4df1
1 changed files with 4 additions and 2 deletions

View File

@ -1,10 +1,10 @@
id: CVE-2022-26352 id: CVE-2022-26352
info: info:
name: DotCMS Arbitrary File Upload name: DotCMS - Arbitrary File Upload
author: h1ei1 author: h1ei1
severity: critical severity: critical
description: There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions. description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.
reference: reference:
- https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/ - https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
- https://github.com/h1ei1/POC/tree/main/CVE-2022-26352 - https://github.com/h1ei1/POC/tree/main/CVE-2022-26352
@ -39,3 +39,5 @@ requests:
- 'contains(body_2, "CVE-2022-26352")' - 'contains(body_2, "CVE-2022-26352")'
- 'status_code_2 == 200' - 'status_code_2 == 200'
condition: and condition: and
# Enhanced by mp on 2022/05/19