|Requires Admin Access:|Yes|
|Credit:|it.sec GmbH & Co. KG – Hans-Martin Münch & Markus Piéton|
dotCMS employs a “Comments” feature that allows logged-in users to comment on articles and pages. Proper security checks are missing, so an attacker can misuse this feature to post comments to pages or use the “approve comment” function to send spam to arbitrary email addresses. Even if comments are deactivated, an attacker can still abuse the “approve comment” function to send spam to any email address.
This issue has been verified by the development team. A workaround is to remove the CommentsAction ActionMapping from the struts-cms.xml to prevent this from being exploited.
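To confirm the workaround is in place, the following added example (not code from dotCMS or from the advisory) parses a Struts configuration and reports any live action mapping that still points at the class. It assumes the mapping is a Struts 1 `<action>` element whose `type` attribute ends in `CommentsAction`; the sample XML, package names and paths are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed samples, NOT the real struts-cms.xml: packages and paths are placeholders.
SAMPLE_VULNERABLE = """<struts-config>
  <action-mappings>
    <action path="/example/comments" type="com.example.placeholder.CommentsAction" scope="request"/>
    <action path="/example/other" type="com.example.placeholder.OtherAction"/>
  </action-mappings>
</struts-config>"""

SAMPLE_REMEDIATED = """<struts-config>
  <action-mappings>
    <!-- <action path="/example/comments" type="com.example.placeholder.CommentsAction"/> -->
    <action path="/example/other" type="com.example.placeholder.OtherAction"/>
  </action-mappings>
</struts-config>"""


def find_comments_mappings(xml_text, class_name="CommentsAction"):
    """Return (path, type) for every live <action> mapped to class_name.

    Parsing the XML (rather than grepping) means a mapping that was
    commented out is correctly treated as removed.
    """
    root = ET.fromstring(xml_text)
    hits = []
    for action in root.iter("action"):
        cls = action.get("type", "")
        # Compare the simple class name so unrelated classes that merely
        # contain the string are not reported.
        if cls.rsplit(".", 1)[-1] == class_name:
            hits.append((action.get("path"), cls))
    return hits


def workaround_applied(xml_text):
    """True when no live mapping references CommentsAction."""
    return not find_comments_mappings(xml_text)


if __name__ == "__main__":
    # Usage: python check_mapping.py /path/to/struts-cms.xml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_VULNERABLE
    for path, cls in find_comments_mappings(text):
        print(f"still mapped: path={path} type={cls}")
    sys.exit(0 if workaround_applied(text) else 1)
```

The script exits non-zero while a mapping remains, so it can run as a post-deployment check after the file is edited.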