PT-2020-13131 · Monox · Monox

Published: 2020-04-29 · Updated: 2020-05-04 · CVE-2020-12471

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: MonoX versions prior to 5.1.40.5152

Description: The issue allows remote code execution due to deserialization of untrusted data in certain modules. It can be exploited through specific API endpoints, such as "HTML5Upload.ashx" or "Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx", because of vulnerabilities in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

Recommendations: For MonoX versions prior to 5.1.40.5152, update to version 5.1.40.5152 or later to resolve the issue. As a temporary workaround, restrict access to the vulnerable modules, specifically ModuleGallery.HTML5Upload and ModuleGallery.SilverLightUploadModule, until the patch is applied. Additionally, limit access to the affected API endpoints, "HTML5Upload.ashx" and "Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx", to minimize the risk of exploitation.
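One way to apply the temporary workaround above, as an added example that is not part of the advisory or of MonoX's own configuration: MonoX is an ASP.NET application, so the two endpoints named in the advisory can be blocked with ASP.NET URL authorization in the site's web.config. The example assumes the application is hosted on IIS, that the paths below are relative to the directory containing this web.config (the real install layout may differ), and uses the placeholder role name "PortalAdministrators" for any accounts that still need the gallery page while the patch is pending.

```xml
<?xml version="1.0"?>
<configuration>

  <!-- Upload handler named in the advisory: deny to every caller, including
       authenticated users, until version 5.1.40.5152 or later is deployed. -->
  <location path="HTML5Upload.ashx">
    <system.web>
      <authorization>
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Gallery page named in the advisory: allow only a placeholder admin role
       (assumption: adapt to the roles actually configured on the portal),
       deny everyone else, anonymous callers included. -->
  <location path="Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx">
    <system.web>
      <authorization>
        <allow roles="PortalAdministrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>

</configuration>
```

Merge the two location elements into the existing web.config rather than replacing it. Rules are evaluated top to bottom, so the allow must precede the deny. Because the handler is denied to all users, photo uploads through the HTML5 module stop working for the duration of the workaround; requests to these paths that still arrive (returned as 401) are worth logging, since they indicate someone probing the blocked endpoints.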

Exploit

Fix

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2020-12471

Affected Products: Monox