CVE-2020-9472: Malicious File Upload
First published: Mon Mar 16 2020(Updated: )
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Umbraco Umbraco Cms | =8.5.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9472?
CVE-2020-9472 is a vulnerability in Umbraco CMS 8.5.3 that allows an authenticated attacker to upload malicious files, leading to remote code execution.
How severe is CVE-2020-9472?
CVE-2020-9472 has a severity rating of 6.5 out of 10, which is considered medium.
How does CVE-2020-9472 work?
CVE-2020-9472 allows an authenticated attacker to upload malicious files via the Install Package functionality in Umbraco CMS 8.5.3, which can lead to remote code execution.
Is Umbraco CMS 8.5.3 the only version affected by CVE-2020-9472?
Yes, CVE-2020-9472 specifically affects Umbraco CMS version 8.5.3.
How can I fix CVE-2020-9472?
To fix CVE-2020-9472, it is recommended to upgrade Umbraco CMS to a version that has addressed the vulnerability or apply any available patches or security updates provided by the vendor.
- collector/nvd-index
- vendor/umbraco
- canonical/umbraco umbraco cms
- version/umbraco umbraco cms/8.5.3