Umbraco CMS 8.5.3 allows an authenticated file upload

Overview:
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated FileUpload PoC

Attack Type: File Upload

Product Version: 8.5.3

OWASP Category: Unrestricted File Upload

Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering

Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality

Technical Description: See CVE-2020-9472.pdf

Exploit: See exploit_local.py

Vulnerability Details:
CVE ID: CVE-2020-9472
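One way to apply the "Solution" line above before a package reaches Install Package: an added example, not code from the advisory or from Umbraco, that checks a package zip against a publisher-supplied SHA-256 and an extension allowlist. The allowlist contents and the names `vet_package` and `build_zip` are assumptions, and the sample archives are constructed.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumed allowlist for a content-only package; adjust to what your site needs.
ALLOWED_EXTENSIONS = {".xml", ".css", ".js", ".png", ".jpg", ".gif", ".txt"}


def vet_package(data, expected_sha256=None):
    """Return a list of findings; an empty list means the archive passed."""
    findings = []
    # Integrity: compare against a digest obtained out of band from the publisher.
    digest = hashlib.sha256(data).hexdigest()
    if expected_sha256 is not None and digest != expected_sha256.lower():
        findings.append("sha256 mismatch: " + digest)
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + ["not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators and the trailing dots/spaces Windows ignores.
            name = info.filename.replace("\\", "/").rstrip(". ")
            path = PurePosixPath(name)
            # ':' covers drive letters and NTFS alternate data streams.
            if path.is_absolute() or ".." in path.parts or ":" in name:
                findings.append("path escapes package root: " + info.filename)
            if path.suffix.lower() not in ALLOWED_EXTENSIONS:
                findings.append("extension not allowed: " + info.filename)
    return findings


def build_zip(entries):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples, not real packages.
    good = build_zip({"package.xml": b"<manifest/>", "css/site.css": b"body{}"})
    bad = build_zip({"package.xml": b"<manifest/>", "bin/handler.aspx.": b"x"})
    print(vet_package(good, hashlib.sha256(good).hexdigest()))
    print(vet_package(bad))
```

An allowlist is preferable to a blacklist here because anything not explicitly expected, including names with trailing dots or stream suffixes, is rejected by default.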
