An issue exists in dotCMS core 4.x up to and including 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution.
dotcms dotcms