Multiple vulnerabilities in Umbraco CMS

1) Arbitrary file upload

EUVDB-ID: #VU34731

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-9471

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.5.3

External links

http://gitlab.com/eLeN3Re/cve-2020-9471

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Arbitrary file upload

EUVDB-ID: #VU34732

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2020-9472

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to manipulate data.

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Umbraco CMS: 8.5.3

External links

http://gitlab.com/eLeN3Re/cve-2020-9472

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.