Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Umbraco Forms 安全漏洞
Vulnerability Description
Umbraco Forms是一款表单构建工具。 Umbraco Forms 4.0.0至8.7.5版本存在安全漏洞,攻击者可利用该漏洞执行远程代码和删除任意文件。
CVSS Information
N/A
Vulnerability Type
N/A