← Volver a CVEs

CVE-2020-29592

CRITICAL

9.8

Descripcion

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).

Detalles CVE

Puntuacion CVSS v3.19.8

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado4/14/2021

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

orchardproject:orchard

Debilidades (CWE)

CWE-434

Referencias

https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html(cve@mitre.org)

https://github.com/OrchardCMS/Orchard/releases(cve@mitre.org)

https://burninatorsec.blogspot.com/2021/04/cve-2020-29592-and-cve-2020-29593.html(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/OrchardCMS/Orchard/releases(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.