{"api_version":"1","generated_at":"2026-06-04T17:42:39+00:00","cve":"CVE-2022-26352","urls":{"html":"https://cve.report/CVE-2022-26352","api":"https://cve.report/api/cve/CVE-2022-26352.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-26352","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-26352"},"summary":{"title":"dotCMS Unrestricted Upload of File Vulnerability","description":"An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2022-07-17 22:15:00","updated_at":"2023-08-08 14:21:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html","name":"http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html","refsource":"MISC","tags":[],"title":"dotCMS Shell Upload ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://groups.google.com/g/dotcms","name":"https://groups.google.com/g/dotcms","refsource":"MISC","tags":[],"title":"dotCMS User Group - Google Groups","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-26352","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-26352","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"26352","vulnerable":"1","versionEndIncluding":"22.02","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dotcms","cpe5":"dotcms","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2022","cve_id":"26352","cve":"CVE-2022-26352","vendorProject":"dotCMS","product":"dotCMS","vulnerabilityName":"dotCMS Unrestricted Upload of File Vulnerability","dateAdded":"2022-08-25","shortDescription":"dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-09-15","knownRansomwareCampaignUse":"Known","notes":"https://www.dotcms.com/security/SI-62;  https://nvd.nist.gov/vuln/detail/CVE-2022-26352","cwes":"CWE-22,CWE-138","catalogVersion":"2026.06.03","updated_at":"2026-06-03 17:01:28"},"epss":{"cve_year":"2022","cve_id":"26352","cve":"CVE-2022-26352","epss":"0.943090000","percentile":"0.999500000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:37"},"legacy_qids":[{"cve":"CVE-2022-26352","qid":"150517","title":"dotCMS Remote Code Execution Vulnerability (CVE-2022-26352)"},{"cve":"CVE-2022-26352","qid":"730495","title":"Dot CMS Multipart File Directory Traversal and Remote Code Execution (RCE) Vulnerability"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-26352","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://groups.google.com/g/dotcms","refsource":"MISC","name":"https://groups.google.com/g/dotcms"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html","url":"http://packetstormsecurity.com/files/167365/dotCMS-Shell-Upload.html"}]}},"nvd":{"publishedDate":"2022-07-17 22:15:00","lastModifiedDate":"2023-08-08 14:21:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndIncluding":"22.02","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}