Search criteria
5 vulnerabilities found for Forms by Umbraco
CVE-2025-68924 (GCVE-0-2025-68924)
Vulnerability from nvd – Published: 2026-01-16 00:00 – Updated: 2026-01-16 19:00 Unsupported When Assigned
VLAI?
Summary
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
Severity ?
7.5 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T18:59:57.197602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:26.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageURL": "pkg:nuget/UmbracoForms",
"product": "Forms",
"vendor": "Umbraco",
"versions": [
{
"lessThanOrEqual": "8.13.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.13.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:42:31.086Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://our.umbraco.com/packages/developer-tools/umbraco-forms/"
},
{
"url": "https://github.com/advisories/GHSA-vrgw-pc9c-qrrc"
},
{
"url": "https://www.nuget.org/packages/UmbracoForms"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-68924",
"datePublished": "2026-01-16T00:00:00.000Z",
"dateReserved": "2025-12-24T00:00:00.000Z",
"dateUpdated": "2026-01-16T19:00:26.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-37334 (GCVE-0-2021-37334)
Vulnerability from nvd – Published: 2021-08-25 21:16 – Updated: 2024-08-04 01:16
VLAI?
Summary
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-22T20:27:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/",
"refsource": "MISC",
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"name": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/",
"refsource": "MISC",
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37334",
"datePublished": "2021-08-25T21:16:01",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-68924 (GCVE-0-2025-68924)
Vulnerability from cvelistv5 – Published: 2026-01-16 00:00 – Updated: 2026-01-16 19:00 Unsupported When Assigned
VLAI?
Summary
In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution.
Severity ?
7.5 (High)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T18:59:57.197602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T19:00:26.430Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageURL": "pkg:nuget/UmbracoForms",
"product": "Forms",
"vendor": "Umbraco",
"versions": [
{
"lessThanOrEqual": "8.13.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.13.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL (aka Webservice) URL as a data source for remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T18:42:31.086Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://our.umbraco.com/packages/developer-tools/umbraco-forms/"
},
{
"url": "https://github.com/advisories/GHSA-vrgw-pc9c-qrrc"
},
{
"url": "https://www.nuget.org/packages/UmbracoForms"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-68924",
"datePublished": "2026-01-16T00:00:00.000Z",
"dateReserved": "2025-12-24T00:00:00.000Z",
"dateUpdated": "2026-01-16T19:00:26.430Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-37334 (GCVE-0-2021-37334)
Vulnerability from cvelistv5 – Published: 2021-08-25 21:16 – Updated: 2024-08-04 01:16
VLAI?
Summary
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-22T20:27:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/",
"refsource": "MISC",
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"name": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/",
"refsource": "MISC",
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37334",
"datePublished": "2021-08-25T21:16:01",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-37334
Vulnerability from fkie_nvd - Published: 2021-08-25 22:15 - Updated: 2024-11-21 06:14
Severity ?
Summary
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14CCAF6C-E817-40A1-BD3A-F7FD88B5F1D2",
"versionEndExcluding": "4.4.9",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66BDB482-9007-489E-9579-1AFF853B0B34",
"versionEndExcluding": "6.0.10",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3FA214C-5045-47C1-8DB5-F55480E931E7",
"versionEndExcluding": "7.0.7",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B77F3EF-5A06-4A46-AC9A-1510A0C1159F",
"versionEndExcluding": "7.1.4",
"versionStartIncluding": "7.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5DAE08E-080B-4F33-8013-B78DD771D16B",
"versionEndExcluding": "7.2.1",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14F64867-A85F-40EE-B139-27A719862C90",
"versionEndExcluding": "7.3.2",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD28213-A9A8-4B89-B853-162F6D786429",
"versionEndExcluding": "7.4.3",
"versionStartIncluding": "7.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F74A196-289B-42A1-B9A8-780E9E45DCD6",
"versionEndExcluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9A4DE4-D6C8-402C-832A-8D8C0F226E3B",
"versionEndExcluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B48A846-EB35-4A76-BED9-10D500D0ABCB",
"versionEndExcluding": "8.1.6",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9AC679-11B7-488F-BEAD-DF415AA9DCEE",
"versionEndExcluding": "8.2.3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED97B97-4C76-4D45-9F2F-D2D4A00CB416",
"versionEndExcluding": "8.3.4",
"versionStartIncluding": "8.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02F6AFC6-E981-49D3-B9CE-54339301C56E",
"versionEndExcluding": "8.4.4",
"versionStartIncluding": "8.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7B1A63-11D9-49B2-986B-648A9EE2B685",
"versionEndExcluding": "8.5.7",
"versionStartIncluding": "8.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7374D6-1DE1-4CC1-BAD1-054EBAD0E26A",
"versionEndExcluding": "8.6.2",
"versionStartIncluding": "8.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA322ABD-2D97-4428-9116-E52D318D07CF",
"versionEndExcluding": "8.7.6",
"versionStartIncluding": "8.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file, it is possible to override this restriction by uploading another specially crafted web.config file to the temporary directory. It is possible to exploit this flaw to upload a malicious script file to execute arbitrary code and system commands on the server."
},
{
"lang": "es",
"value": "Las versiones de Umbraco Forms 4.0.0 hasta la 8.7.5 e inferiores son vulnerables a un fallo de seguridad que podr\u00eda dar lugar a un ataque de ejecuci\u00f3n remota de c\u00f3digo y/o eliminaci\u00f3n arbitraria de archivos. La vulnerabilidad se produce porque la validaci\u00f3n de la extensi\u00f3n del archivo se realiza despu\u00e9s de que el archivo se haya almacenado en un directorio temporal. Por defecto, los archivos se almacenan dentro de la estructura de directorios de la aplicaci\u00f3n en %BASEDIR%/APP_DATA/TEMP/FileUploads/. Aunque el acceso a este directorio est\u00e1 restringido por el archivo web.config ra\u00edz, es posible anular esta restricci\u00f3n cargando otro archivo web.config especialmente dise\u00f1ado en el directorio temporal. Es posible explotar este fallo para subir un archivo de script malicioso para ejecutar c\u00f3digo arbitrario y comandos del sistema en el servidor"
}
],
"id": "CVE-2021-37334",
"lastModified": "2024-11-21T06:14:58.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-25T22:15:07.123",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}