dotCMS, an open source content management system with tens of thousands of customers, has been exposed to serious vulnerabilities


A pre-authentication remote code execution vulnerability exists in dotCMS, an open source content management system written in Java. dotCMS is used by more than 10,000 customers in more than 70 countries around the world, including Fortune 500 companies, midsize companies, and more.

The critical vulnerability, tracked as CVE-2022-26352, is a directory traversal flaw in the file upload handling that could allow an attacker to execute arbitrary commands on the underlying system.

Assetnote researcher Shubham Shah pointed out in the report, “Attackers can upload arbitrary files to the system. By uploading JSP files to the root directory of tomcat, the attacker is likely to achieve code execution to execute commands.” In other words, the arbitrary file upload flaw can be abused to replace existing files on the system with a web shell, ultimately gaining persistent remote access.

While an attacker could exploit the flaw to write arbitrary JavaScript files into the application, the researchers say the nature of the flaw allows it to be weaponized for remote code execution.

AssetNote said it discovered and reported the flaw on February 21, 2022, and dotCMS has since released patches in versions 22.03, 5.3.8.10, and 21.06.7.

The company notes, “When files are uploaded to dotCMS via the Content API, but before they become content, dotCMS writes the file in a temporary directory. dotCMS does not sanitize file names passed in via multipart request headers, so the name of the temporary file is not sanitized. An attacker could abuse this vulnerability to upload a special .jsp file into the webapp/ROOT directory of dotCMS, enabling remote code execution.”
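The mechanism in that advisory, shown as an added example that is not dotCMS's own code: the vulnerable pattern joins the untrusted multipart filename straight onto the temp directory, and the hardened pattern reduces the name to one path component and then independently verifies the resolved path stays inside the temp directory. The header matcher, function names and the `/srv/dotcms/tmp` path are assumptions made for this example.

```python
import os
import re
from pathlib import Path, PurePosixPath, PureWindowsPath
from typing import Optional

# Simplified matcher for filename="..." in a multipart Content-Disposition
# header; a full RFC 7578 parser is out of scope here (assumption).
_FILENAME_RE = re.compile(r'filename="((?:[^"\\]|\\.)*)"')

def filename_from_content_disposition(header: str) -> Optional[str]:
    """Return the raw, untrusted filename from a Content-Disposition value."""
    m = _FILENAME_RE.search(header)
    return m.group(1).replace('\\"', '"') if m else None

def unsafe_temp_path(temp_dir: str, raw_filename: str) -> str:
    """Vulnerable pattern: join the untrusted name straight onto temp_dir,
    so a name containing '../' resolves to a location outside it."""
    return os.path.normpath(os.path.join(temp_dir, raw_filename))

def sanitize_filename(raw: str) -> str:
    """Reduce an untrusted filename to a single safe path component."""
    # Keep only the last component under both separator conventions, so
    # "../../x.jsp" and "..\\..\\x.jsp" both collapse to "x.jsp".
    name = PureWindowsPath(PurePosixPath(raw).name).name
    # Drop NUL and other non-printable characters; reject "." / ".." / "".
    name = "".join(ch for ch in name if ch.isprintable()).strip(" .")
    if not name:
        raise ValueError("filename is empty after sanitization")
    return name

def safe_temp_path(temp_dir: str, raw_filename: str) -> Path:
    """Hardened pattern: sanitize, then verify containment before writing."""
    base = Path(temp_dir).resolve()
    candidate = (base / sanitize_filename(raw_filename)).resolve()
    # Defense in depth: an independent containment check, so a sanitizer
    # bug or a symlinked temp dir still cannot place the file elsewhere.
    if candidate.parent != base:
        raise ValueError(f"refusing to write outside {base}: {candidate}")
    return candidate

def escapes_temp_dir(temp_dir: str, raw_filename: str) -> bool:
    """Detection helper: True when the raw name would leave temp_dir under
    the vulnerable join; suitable for logging/alerting on upload attempts."""
    base = os.path.normpath(temp_dir)
    return os.path.commonpath([base, unsafe_temp_path(temp_dir, raw_filename)]) != base
```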

Both businesses and individuals must learn to protect their data. Businesses need to be responsible to their customers, while individuals need to be responsible for their own information security. With the development of technology, we now have many ways to protect data, for example data backup and disaster recovery. Virtual machine backup is a newer backup method that can back up data across different environments and is safe and reliable. The more common virtual machine backups include VMware backup, Hyper-V backup, XenServer backup and so on.