Gary O’Leary-Steele

**Name of the Vulnerable Software and Affected Versions** Umbraco Forms versions 4.0.0 through 8.7.5 **Description** A security flaw in Umbraco Forms could lead to a remote code execution attack and/or arbitrary file deletion. The issue arises because validation of the file extension is performed after the file has been stored in a temporary directory, typically at %BASEDIR%/APP DATA/TEMP/FileUploads/. Although access to this directory is restricted by the root web.config file, an attacker can override this restriction by uploading a specially crafted web.config file to the temporary directory. This allows for the upload of a malicious script file to execute arbitrary code and system commands on the server. **Recommendations** For Umbraco Forms versions 4.0.0 through 8.7.5, consider disabling the file upload functionality until a patch is available. Restrict access to the temporary directory %BASEDIR%/APP DATA/TEMP/FileUploads/ to minimize the risk of exploitation. Avoid using the default file storage location within the application directory structure. As a temporary workaround, consider implementing additional validation for file extensions before storing files in the temporary directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.