CVE-2021-38366

Name of the Vulnerable Software and Affected Versions Sitecore versions prior to 10.2

Description The issue allows remote authenticated users to upload arbitrary files and achieve remote code execution by visiting an uploaded .aspx file at an 'admin/Packages' URL when Update Center is enabled.

Recommendations For versions prior to 10.2, consider disabling the Update Center as a temporary workaround until a patch is available. Restrict access to the 'admin/Packages' URL to minimize the risk of exploitation. Avoid using the Update Center feature until the issue is resolved.