Issues » Vulnerabilities in “Comments” feature

Issue: SI-20
Date: Apr 21, 2014, 6:45:00 AM
Severity: Medium
Requires Admin Access: No
Fix Version: 2.5.4
Credit: it.sec GmbH & Co. KG – Hans-Martin Münch & Markus Piéton
Description:

dotCMS employs a “Comments” feature that allows logged-in users to comment on articles and pages. Proper security checks are missing, so an attacker can misuse this feature to post comments to pages or use the “approve comment” function to send spam to arbitrary email addresses. Even if comments are deactivated, an attacker can still abuse the “approve comment” function to send spam to any email address.

Mitigation:

This issue has been verified by the development team. A workaround is to remove the CommentsAction ActionMapping from struts-cms.xml to prevent this from being exploited.
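
One way to confirm the workaround is in place, as an added example that is not dotCMS's own code: the check below parses a Struts configuration and reports every active action mapping whose `type` is a class named CommentsAction. The sample XML, its paths and its package names are constructed placeholders; only the class name CommentsAction and the file name struts-cms.xml come from this advisory.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples in the Struts 1 config layout. Paths and package
# names are placeholders, not the real dotCMS values.
SAMPLE_UNMITIGATED = """
<struts-config>
  <action-mappings>
    <action path="/example/comments"
            type="com.example.placeholder.CommentsAction"
            name="exampleCommentsForm" scope="request"/>
    <action path="/example/other" type="com.example.placeholder.OtherAction"/>
  </action-mappings>
</struts-config>
"""

# Same file with the mapping commented out instead of deleted. XML comments
# are not elements, so the mapping no longer counts as active.
SAMPLE_MITIGATED = """
<struts-config>
  <action-mappings>
    <!-- <action path="/example/comments"
                 type="com.example.placeholder.CommentsAction"/> -->
    <action path="/example/other" type="com.example.placeholder.OtherAction"/>
  </action-mappings>
</struts-config>
"""

def find_comments_mappings(root, class_name="CommentsAction"):
    """Return (path, type) for each active <action> mapped to class_name."""
    hits = []
    for action in root.iter("action"):
        action_type = action.get("type", "")
        # Compare the simple class name so the package need not be known.
        if action_type.rsplit(".", 1)[-1] == class_name:
            hits.append((action.get("path"), action_type))
    return hits

def check_text(xml_text):
    return find_comments_mappings(ET.fromstring(xml_text))

if __name__ == "__main__":
    # Usage: python check_mapping.py /path/to/struts-cms.xml
    if len(sys.argv) > 1:
        found = find_comments_mappings(ET.parse(sys.argv[1]).getroot())
    else:
        found = check_text(SAMPLE_UNMITIGATED)
    for path, action_type in found:
        print(f"still mapped: path={path} type={action_type}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means at least one CommentsAction mapping is still active in the file that was checked.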