logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2020-9472 umbracocms

Package

Manager: nuget
Name: umbracocms
Vulnerable Version: >=0 <8.5.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0216 pctl0.8363

Details

Unrestricted Upload of File with Dangerous Type in Umbraco CMS Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Metadata

Created: 2021-08-02T17:38:56Z
Modified: 2021-05-04T21:16:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-j66f-h9hm-975m/GHSA-j66f-h9hm-975m.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-j66f-h9hm-975m
Finding: F027
Auto approve: 1