Authenticated File Upload and Remote Code Execution in Umbraco CMS 8.5.3 via Install Package Functionality

Authenticated File Upload and Remote Code Execution in Umbraco CMS 8.5.3 via Install Package Functionality

CVE-2020-9472 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Learn more about our Cms Pen Testing.