Umbraco CMS 8.5.3 allows an authenticated file upload

Overview :
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated FileUpload PoC

Attack Type: File Upload

Product Version: 8.5.3

OWASP Category: Unrestricted File Upload

Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering

Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality

Technical Description: See CVE-2020-9472.pdf

Exploit: See exploit_local.py

 
Vulnerability Details :
CVE ID :

CVE-2020-9472

Reference Order

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources
Facebook
Twitter
LinkedIn

Recent Blog Posts

Best Intrusion Detection Systems (IDS) to Use in 2025
Top 5 Cybersecurity Risk Management Strategies for 2025
Top 5 Emerging API Security Threats in 2025
8 Best Security Operations Center (SOC) Providers for 2025
Top 7 Cloud DDoS Protection Providers for 2025

WAF Solution