PT-2021-11695 · Orchard+1 · Orchard+1
Burninator
·
Published
2021-04-14
·
Updated
2021-04-22
·
CVE-2020-29592
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Orchard versions prior to 1.10
Description:
The issue concerns a broken access control in Orchard components using the TinyMCE HTML editor's file upload, allowing attackers to upload dangerous executables bypassing the allowed file types. Additionally, the Media Settings Allowed File Types list field is vulnerable to XSS payloads, which execute when users attempt to upload a disallowed file type, causing the error to display.
Recommendations:
For versions prior to 1.10, update to version 1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the file upload feature in the TinyMCE HTML editor and limiting the allowed file types in Media settings to minimize the risk of exploitation. Avoid using the Media Settings Allowed File Types list field until the issue is resolved.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Orchard
Tinymce