dotCMS Path Traversal Vulnerability in ZIP Archive Extraction

dotCMS Path Traversal Vulnerability in ZIP Archive Extraction

CVE-2019-12309 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

dotCMS before 5.1.0 has a path traversal vulnerability exploitable by an administrator to create files. The vulnerability is caused by the insecure extraction of a ZIP archive.

Learn more about our Cms Pen Testing.