Posted by xiong piaox on Apr 08

Advisory: DotCMS Directory traversal vulnerability

Author: Piaox From Pingan Product Safety Group

Email: xiongyaofu351 () pingan com cn

Affected Version: dotCMS 3.5 Beta(the latest version)

==========================

Vulnerability Description

Recetly, I found a Directory traversal vulnerability in ‘DotCMS’
program, DotCMS is widely used in many companies.

Vulnerable file is:…