Enhancement: cves/2022/CVE-2022-26352.yaml by mp
parent
99c1d1fa33
commit
04ba7d4df1
|
@ -1,10 +1,10 @@
|
||||||
id: CVE-2022-26352
|
id: CVE-2022-26352
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: DotCMS Arbitrary File Upload
|
name: DotCMS - Arbitrary File Upload
|
||||||
author: h1ei1
|
author: h1ei1
|
||||||
severity: critical
|
severity: critical
|
||||||
description: There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.
|
description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.
|
||||||
reference:
|
reference:
|
||||||
- https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
|
- https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
|
||||||
- https://github.com/h1ei1/POC/tree/main/CVE-2022-26352
|
- https://github.com/h1ei1/POC/tree/main/CVE-2022-26352
|
||||||
|
@ -39,3 +39,5 @@ requests:
|
||||||
- 'contains(body_2, "CVE-2022-26352")'
|
- 'contains(body_2, "CVE-2022-26352")'
|
||||||
- 'status_code_2 == 200'
|
- 'status_code_2 == 200'
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/05/19
|
||||||
|
|
Loading…
Reference in New Issue