daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-26352.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-19 12:50:07 -04:00
parent 99c1d1fa33
commit 04ba7d4df1
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-26352.yaml
View File

@ -1,10 +1,10 @@
id: CVE-2022-26352
info:
name: DotCMS Arbitrary File Upload
name: DotCMS - Arbitrary File Upload
author: h1ei1
severity: critical
description: There is an arbitrary file upload vulnerability in the /api/content/ path of the DotCMS management system, and attackers can upload malicious Trojans to obtain server permissions.
description: DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.
reference:
- https://blog.assetnote.io/2022/05/03/hacking-a-bank-using-dotcms-rce/
- https://github.com/h1ei1/POC/tree/main/CVE-2022-26352
@ -39,3 +39,5 @@ requests:
- 'contains(body_2, "CVE-2022-26352")'
- 'status_code_2 == 200'
condition: and
# Enhanced by mp on 2022/05/19