CVE-2017-11466

Published: Jul 20, 2017Modified: May 13, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.

Affected (1)

Products: Dotcms: Dotcms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dotcms Dotcms	Version 4.1.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (6)

http://seclists.org/fulldisclosure/2017/Jul/33

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://github.com/dotCMS/core/issues/12131

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://packetstormsecurity.com/files/143383/dotcms411-shell.txt

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2017/Jul/33

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://github.com/dotCMS/core/issues/12131

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://packetstormsecurity.com/files/143383/dotcms411-shell.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.