Unrestricted File Upload

Affecting umbracocms package, versions [0,]

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

UmbracoCms is a Installs Umbraco Cms in your Visual Studio ASP.NET project

Affected versions of this package are vulnerable to Unrestricted File Upload. It allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Remediation

There is no fixed version for UmbracoCms.

References

CVSS Score

6.6
medium severity
  • Attack Vector
    Network
  • Attack Complexity
    High
  • Privileges Required
    High
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    High
  • Integrity
    High
  • Availability
    High
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U
Credit
Unknown
CVE
CVE-2020-9472
CWE
CWE-434
Snyk ID
SNYK-DOTNET-UMBRACOCMS-560400
Disclosed
16 Mar, 2020
Published
16 Mar, 2020