Lucene search

MitreCVE-2020-9472

HistoryMar 16, 2020 - 8:15 p.m.

CVE-2020-9472

2020-03-1620:15:13

CWE-434

mitre

web.nvd.nist.gov

umbraco

cms

8.5.3

authenticated

file upload

rce

install package

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Affected configurations

Nvd

Node

umbracoumbraco_cmsMatch8.5.3

VendorProductVersionCPE
umbracoumbraco_cms8.5.3cpe:2.3:a:umbraco:umbraco_cms:8.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
umbraco	umbraco_cms	8.5.3	cpe:2.3:a:umbraco:umbraco_cms:8.5.3:::::::*

References

gitlab.com/eLeN3Re/cve-2020-9472

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

33.1%

JSON

Related for CVE-2020-9472