PT-2020-19708 · Umbraco · Umbraco Forms
Adrian Gigliotti · Published 2020-07-28 · Updated 2023-03-02 · CVE-2020-7685
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
UmbracoForms versions (all versions)
Description
The issue allows uploading arbitrary file types when using the default configuration for upload forms. Users can mitigate this by creating a custom workflow and frontend validation to block certain file types based on their security needs and policies.
Recommendations
For all versions, create a custom workflow and implement frontend validation to block upload of unwanted file types, aligning with your security policies.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Umbraco Forms