CVE-2021-33224

Name of the Vulnerable Software and Affected Versions Umbraco Forms version 8.7.0

Description The issue allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. This is a result of a file upload vulnerability.

Recommendations For Umbraco Forms version 8.7.0, consider restricting file uploads to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the web.config and asp files to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.