Description
dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.