Vulnerability Description
dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, attackers can upload temporary files (e.g., .jsp files) into /webapps/ROOT/assets/tmp_upload, which can lead to remote command execution (with the permissions of the user running the dotCMS application).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dotcms | Dotcms | < 5.2.4 |
Related Weaknesses (CWE)
References
- https://dotcms.com/security/SI-54ExploitMitigationVendor Advisory
- https://github.com/dotCMS/core/issues/17796ExploitThird Party Advisory
- https://dotcms.com/security/SI-54ExploitMitigationVendor Advisory
- https://github.com/dotCMS/core/issues/17796ExploitThird Party Advisory
FAQ
What is CVE-2020-6754?
CVE-2020-6754 is a vulnerability with a CVSS score of 9.8 (CRITICAL). dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a ...
How severe is CVE-2020-6754?
CVE-2020-6754 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-6754?
Check the references section above for vendor advisories and patch information. Affected products include: Dotcms Dotcms.