Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Umbraco CMS 8.5.3 – Authenticated File Upload PoC

Attack Type: File Upload
Product Version: 8.5.3
OWASP Category: Unrestricted File Upload
Solution: Add package integrity mechanisms and/or file extension whitelist/blacklist filtering
Summary: Umbraco CMS 8.5.3 allows an authenticated file upload via the Packages functionality
Technical Description: See CVE-2020-9472.pdf
Exploit: See exploit_local.py
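
One way to apply the mitigation named in the Solution field, as an added example that is not part of the original advisory or Umbraco's own code: check an uploaded package against a digest published out of band and against an extension allowlist before it is installed. It assumes the package is a ZIP archive; the function names, the allowlist contents and the sample archives are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Hypothetical policy (an assumption, not Umbraco's own list): file types a package may carry.
ALLOWED_EXTENSIONS = {".xml", ".css", ".js", ".png", ".jpg", ".html", ".json"}


def check_package(data: bytes, expected_sha256: str) -> list:
    """Return the policy violations found; an empty list means the package passes."""
    problems = []
    # Integrity: the archive must match the digest the publisher distributed separately.
    if hashlib.sha256(data).hexdigest() != expected_sha256.lower():
        problems.append("sha256 mismatch")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return problems + ["not a zip archive"]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            path = PurePosixPath(name)
            # Entries must stay inside the extraction directory; ':' covers
            # drive letters and NTFS alternate data streams.
            if path.is_absolute() or ".." in path.parts or ":" in name:
                problems.append(f"unsafe path: {info.filename}")
            # Compare the final extension case-insensitively. Trailing dots and
            # spaces are stripped first because Windows drops them on file creation.
            ext = PurePosixPath(path.name.rstrip(". ")).suffix.lower()
            if ext not in ALLOWED_EXTENSIONS:
                problems.append(f"extension not allowed: {info.filename}")
    return problems


def build_sample(entries: dict) -> bytes:
    """Build a constructed in-memory ZIP, used only to exercise check_package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, body in entries.items():
            archive.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample({"package.xml": "<package/>", "files/Helper.ASPX": "placeholder"})
    print(check_package(sample, hashlib.sha256(sample).hexdigest()))
```

An allowlist is used here rather than a blacklist because a list of blocked extensions has to anticipate every executable type the server handles.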