Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Umbraco CMS 8.5.3 – Authenticated File Upload PoC
Attack Type: File Upload
Product Version: 8.5.3
OWASP Category: Unrestricted File Upload
Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering
Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality
Technical Description: See CVE-2020-9472.pdf
Exploit: See exploit_local.py
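The Solution line above names two mitigations, package integrity checks and file extension filtering. The following is an added illustration of what those checks look like on the server side before an uploaded package is installed; it is not Umbraco's code or the vendor's fix. It assumes the package is a zip archive, verifies an optional SHA-256 digest supplied out of band, and rejects any archive entry whose extension is outside a conservative allowlist or whose path would escape the extraction directory. The allowlist and the helper names are assumptions for the example.

```python
import hashlib
import io
import posixpath
import zipfile
from typing import Dict, List, Optional

# Assumed allowlist for the example: static assets and data files only.
# Anything that the web server would execute (.aspx, .ashx, .cshtml, .dll, ...)
# is deliberately absent, so it is rejected by default.
ALLOWED_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".gif", ".svg", ".xml", ".json", ".txt"}


def _unsafe_entry_name(name: str) -> bool:
    """True if a zip entry name could escape the target directory on extraction."""
    if "\\" in name or ":" in name:
        # Windows separators or drive letters have no place in a portable package.
        return True
    norm = posixpath.normpath(name)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def validate_package(data: bytes, expected_sha256: Optional[str] = None) -> List[str]:
    """Return a list of rejection reasons; an empty list means the package passed.

    Checks, in order: integrity (if a digest is supplied), archive format,
    entry path safety, and the extension allowlist for every file entry.
    """
    problems: List[str] = []

    if expected_sha256 is not None:
        digest = hashlib.sha256(data).hexdigest()
        if digest != expected_sha256.lower():
            # No point inspecting contents that are not what the operator approved.
            return [f"integrity: sha256 mismatch ({digest})"]

    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["format: not a zip archive"]

    with archive:
        for info in archive.infolist():
            name = info.filename
            if name.endswith("/"):
                continue  # directory entry, nothing to write
            if _unsafe_entry_name(name):
                problems.append(f"path: unsafe entry name {name!r}")
                continue
            ext = posixpath.splitext(name)[1].lower()
            if ext not in ALLOWED_EXTENSIONS:
                problems.append(f"extension: {name!r} has disallowed extension {ext or '(none)'}")
    return problems


def build_package(entries: Dict[str, bytes]) -> bytes:
    """Construct an in-memory zip from a name->content mapping (test fixture helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample packages: one benign, one carrying a server-side script
    # and a traversal path.
    benign = build_package({"css/site.css": b"body{}", "img/logo.png": b"\x89PNG"})
    suspect = build_package({"views/page.aspx": b"<% %>", "../escape.png": b""})
    print("benign :", validate_package(benign, hashlib.sha256(benign).hexdigest()))
    print("suspect:", validate_package(suspect))
```

The integrity check is only meaningful when the expected digest comes from somewhere the uploader does not control (a signed manifest or an operator-entered value); a digest shipped inside the same upload proves nothing. Note also that the extension check looks at the final suffix only, so it treats `shell.aspx.png` as a `.png`; pairing it with content sniffing or a separate handler mapping on the web server closes that gap.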