Description
Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName parameter to servlets/ajax_file_upload. This results in arbitrary code execution by requesting the .jsp file at a /assets URI.
Remediation
References
Related Vulnerabilities
PHP Out-of-bounds Write Vulnerability (CVE-2021-21703)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1886)
WordPress 4.9.x Directory Traversal (4.9 - 4.9.25)
WordPress Plugin Accept Stripe Donation-AidWP Security Bypass (2.8)
WordPress Plugin Product Slider for WooCommerce by PickPlugins Cross-Site Scripting (1.13.41)