Authenticated File Upload and Remote Code Execution in Umbraco Cloud 8.5.3 via Install Packages Functionality

Authenticated File Upload and Remote Code Execution in Umbraco Cloud 8.5.3 via Install Packages Functionality

CVE-2020-9471 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

Learn more about our Cloud Audit.