What is CVE-2020-6754?

CVE-2020-6754 is a vulnerability in N/a. Published 2020-02-05.

Is CVE-2020-6754 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-6754

dotCMS before 5.2.4 is vulnerable to directory traversal, leading to incorrect access control. It allows an attacker to read or execute files under $TOMCAT_HOME/webapps/ROOT/assets (which should be a protected directory). Additionally, att…

EPSS: 0.735 (98.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
cyb3r-w0lf/nuclei-template-collection

References

dotcms.com/security/SI-54 (x_refsource_CONFIRM)
github.com/dotCMS/core/issues/17796 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-6754?: CVE-2020-6754 is a vulnerability in N/a. Published 2020-02-05.
Is CVE-2020-6754 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.