2 matches found
CVE-2021-37334
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a...
CVE-2021-37334
Umbraco Forms versions 4.0.0 through 8.7.5 (and older) are vulnerable to remote code execution and arbitrary file deletion due to file-extension validation occurring after files are stored in a temporary directory (%BASEDIR%/APP_DATA/TEMP/FileUploads/). The web.config protections restricting this...