Free Trial

Under attack ?

Umbraco CMS 8.5.3 allows an authenticated file upload

Overview :

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated FileUpload PoC

Attack Type: File Upload

Product Version: 8.5.3

OWASP Category: Unrestricted File Upload

Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering.

Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality.

Technical Description: See CVE-2020-9472.pdf

Exploit: See exploit_local.py

Vulnerability Details :

CVE-2020-9472

Reference Order :

References are typically listed in the order below:

Recent Blog Posts

Cybersecurity Awareness Month 2025

Layer 7 Attack Recovery Guide Step by Step (2025)

Top 12 Features Every MSSP Needs in a WAAP Platform (2025 Guide)

Top 8 Cybersecurity Challenges Indian Enterprises Face in 2025

Best Tools to Identify Broken Access Control in APIs

WAF Solution

Recent Case Studies

Government Institution Fortifies Data Defenses with Prophaze

Government Institution Fortifies Data Defenses with Prophaze

December 14, 2023

Prophaze's WAF Redefines Aerospace Security Standards

Prophaze’s WAF Redefines Aerospace Security Standards

December 14, 2023

Industrial IoT Breach mitigated by Prophaze

Industrial IoT Breach Mitigated by Prophaze

December 14, 2023

Recent Press Releases

Prophaze gartner 2025 strong performer waap api

Prophaze Recognized as a Strong Performer in Gartner Peer Insights™ Voice of the Customer 2025 for Cloud Web Application and API Protection

October 6, 2025

Indo Pak Cyber Attacks

India Cyber Attack: 85 Million Malicious Requests Blocked by Prophaze

May 20, 2025

Intel Prophaze Partnership

Intel’s 4th Gen Processors Power Prophaze’s New Era of Smarter, Faster Security

January 23, 2025