PT-2023-20571 · Sitecore · Sitecore Xp/Xm
Thomas Stern · Published 2023-03-14 · Updated 2025-02-27 · CVE-2023-26262
CVSS v3.1: 7.2 High
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Sitecore XP/XM version 10.3
Description
An issue exists where an authenticated Sitecore user can upload language files without restrictions, leading to direct code execution on the content management server.
Recommendations
For Sitecore XP/XM version 10.3, consider restricting language file uploads to prevent direct code execution until a patch is available.
Exploit
Fix
Unrestricted File Upload
Affected Products
Sitecore Xp/Xm