Free Trial
Under attack ?

Umbraco CMS 8.5.3 allows an authenticated file upload

Overview :
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated FileUpload PoC

Attack Type: File Upload

Product Version: 8.5.3

OWASP Category: Unrestricted File Upload

Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering

Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality

Technical Description: See CVE-2020-9472.pdf

Exploit: See exploit_local.py
 
Vulnerability Details :
CVE ID :

CVE-2020-9472

Reference Order

References are typically listed in the order below:

  • Initial announcement
  • Response team advisory
  • Vendor acknowledgement/advisory
  • All other public sources
Facebook
Twitter
LinkedIn
Linkedin X-twitter Facebook-f Youtube

Recent Blog Posts

Best Intrusion Detection Systems (IDS) to Use in 2025
Top 5 Cybersecurity Risk Management Strategies for 2025
Top 5 Emerging API Security Threats in 2025
8 Best Security Operations Center (SOC) Providers for 2025
Top 7 Cloud DDoS Protection Providers for 2025

WAF Solution

Recent Case Studies

Government Institution Fortifies Data Defenses with Prophaze

Government Institution Fortifies Data Defenses with Prophaze

December 14, 2023
Prophaze's WAF Redefines Aerospace Security Standards

Prophaze’s WAF Redefines Aerospace Security Standards

December 14, 2023
Industrial IoT Breach mitigated by Prophaze

Industrial IoT Breach Mitigated by Prophaze

December 14, 2023

Recent Press Releases

Indo Pak Cyber Attacks

India Cyber Attack: 85 Million Malicious Requests Blocked by Prophaze

May 20, 2025
Prophaze Named in Gartner’s 2025 WAAP Market Guide

Prophaze Named in Gartner’s 2025 WAAP Market Guide

April 22, 2025
Intel Prophaze Partnership

Intel’s 4th Gen Processors Power Prophaze’s New Era of Smarter, Faster Security

January 23, 2025