Description

Directory traversal vulnerability in the dotTailLogServlet in dotCMS before 3.5.1 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the fileName parameter.

Remediation

References

CVE-2016-3972

Related Vulnerabilities

Oracle JRE CVE-2013-2456 Vulnerability (CVE-2013-2456)

MySQL CVE-2019-2991 Vulnerability (CVE-2019-2991)

WordPress Plugin 123ContactForm for WordPress Multiple Vulnerabilities (1.5.6)

Apache HTTP Server Configuration Vulnerability (CVE-2009-1195)

WordPress Plugin WooCommerce Subscriptions Cross-Site Scripting (2.6.2)

Severity

Low

Classification

CVE-2016-3972 CWE-22 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities