PT-2018-7245 · Dotcms · Dotcms

Darong Tong +2 · Published 2018-07-24 · Updated 2019-10-09 · CVE-2017-3189

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: dotCMS versions 3.7.1 and earlier
Description: The issue concerns the "Push Publishing" feature in Enterprise Pro, which is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives are uploaded and decompressed, the file types of the entries inside the bundle are not checked. Combined with a path traversal issue, this allows an uploaded file to be written outside the intended bundle directory and leads to remote command execution with the permissions of the user running the dotCMS application. An unauthenticated remote attacker may perform actions in the dotCMS administration panel or execute arbitrary system commands with the permissions of the user running the dotCMS application.
Recommendations: For dotCMS versions 3.7.1 and earlier, consider disabling the "Push Publishing" feature until a patch is available, to prevent arbitrary file uploads. Restrict access to the dotCMS administration panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
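As an added illustration (not code from dotCMS or from this advisory) of the two checks the description says are missing, the following Python inspects a tar.gz bundle before anything is extracted and rejects entries that would escape the destination directory or that carry a file type outside an allowlist; the destination path, the allowlist and the sample bundle are constructed assumptions.

```python
import io
import posixpath
import tarfile
from pathlib import PurePosixPath

# Assumed allowlist of content types a publishing bundle is expected to carry.
ALLOWED_SUFFIXES = {".xml", ".json", ".vtl", ".png", ".jpg", ".css"}


def check_bundle(tar_bytes, dest="/opt/dotcms/bundles"):
    """Return (accepted, rejected) member lists for a tar.gz bundle.

    A member is rejected if its resolved path would land outside `dest`
    (traversal via '..' or an absolute name), if it is a symlink/hardlink,
    or if its file type is not on the allowlist. Nothing is written to disk;
    the archive is only inspected. `dest` is an assumed example location."""
    root = str(PurePosixPath(dest))
    accepted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            name = PurePosixPath(m.name)
            # Resolve '..' segments against the destination before comparing.
            target = posixpath.normpath(posixpath.join(root, m.name))
            if name.is_absolute() or not target.startswith(root + "/"):
                rejected.append((m.name, "path traversal"))
            elif m.issym() or m.islnk():
                rejected.append((m.name, "link entry"))
            elif m.isdir():
                accepted.append(m.name)
            elif m.isfile() and name.suffix.lower() in ALLOWED_SUFFIXES:
                accepted.append(m.name)
            else:
                rejected.append((m.name, "disallowed file type"))
    return accepted, rejected


def build_sample_bundle():
    """Constructed sample bundle: one legitimate asset, one entry that climbs
    out of the bundle directory, and one file type outside the allowlist."""
    buf = io.BytesIO()
    entries = [
        ("assets/logo.png", b"\x89PNG"),
        ("../../outside/escaped.txt", b"x"),
        ("templates/page.jsp", b"<%-- constructed --%>"),
    ]
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Running `check_bundle(build_sample_bundle())` accepts only the PNG and reports the other two entries with the reason each was rejected.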

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2017-3189

Affected Products: Dotcms