An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.
An attacker uploads a crafted file with a PDF extension that contains malicious executable code. The file upload mechanism in Umbraco CMS does not enforce proper validation of file types and content on the platform side — according to the vendor, configuration of this validation is the responsibility of the environment administrator. The uploaded file can then be executed on the server side, leading to RCE.
Successful exploitation of the vulnerability could allow an unauthenticated attacker to execute arbitrary code remotely on the server (RCE), potentially resulting in complete system takeover, data leakage, and compromise of service integrity and availability.
Apply patches available from the vendor according to the references. Regardless of the dispute over responsibility, administrators should implement strict server-side validation of uploaded file types (verification of MIME headers, extensions, and content), restrict file upload permissions exclusively to trusted users, and configure the web server to prevent script execution in directories intended for user files.
Umbraco CMS v16.3.3 (vulnerability reported for this version; vendor disputes its validity)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HUmbraco Cms
APPUmbraco16.3.3
Related vulnerabilities
Umbraco CMS – nieuwierzytelniony RCE przez upload pliku ASPX
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettin...
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "...
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has b...
Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffic...