CVE-2022-26352

dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution. Vendor/Product: dotCMS dotCMS. Added to CISA KEV 2022-08-25; required action: Apply updates per vendor instructions.