CVE-2020-0929

Name of the Vulnerable Software and Affected Versions Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server (affected versions not specified)

Description The issue is related to a lack of restrictions on file uploads, which can be exploited by a remote attacker to execute arbitrary code by uploading a specially crafted SharePoint application package. This can allow the attacker to run code in the context of the SharePoint application pool and the SharePoint server farm account. The exploitation requires a user to upload a malicious package to an affected version of SharePoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.