Main Vulnerability Database Exploits ID:5284 - Exploit for Arbitrary file upload in Umbraco CMS - CVE-2020-9472

ID:5284 - Exploit for Arbitrary file upload in Umbraco CMS - CVE-2020-9472

Published: April 12, 2021

Vulnerability identifier: #VU34732

Vulnerability risk: Medium

CVE-ID: CVE-2020-9472

CWE-ID: CWE-434

Exploitation vector: Remote access

Vulnerable software:
Umbraco CMS

Link to public exploit:

The vulnerability allows a remote authenticated user to manipulate data.

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Install update from vendor's website.