SB2020031624 - Multiple vulnerabilities in Umbraco CMS 




Published: March 16, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020031624
Severity High
Patch available YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 50% Medium 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Arbitrary file upload (CVE-ID: CVE-2020-9471)

The vulnerability allows a remote authenticated user to execute arbitrary code.

Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.


2) Arbitrary file upload (CVE-ID: CVE-2020-9472)

The vulnerability allows a remote authenticated user to manipulate data.

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.


Remediation

Install the update from the vendor's website.