NIST (AV:N/AC:M/Au:N/C:C/I:C/A:C)

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

A security issue in Umbraco Forms 4.0.0 to and including 8.7.5 could lead to a remote code execution attack and/or arbitrary file deletion.

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. A vulnerability occurs because validation of the file extension is performed after the file has been stored in a temporary directory. By default, files are stored within the application directory structure at %BASEDIR%/APP_DATA/TEMP/FileUploads/. Whilst access to this directory is restricted by the root web.config file

OR
     *cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:* versions from (including) 4.0.0 up to (excluding) 4.4.9
     *cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:* versions from (including) 6.0.0 up to (excluding) 6.0.10
     *cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:* versions from (including) 7.0.0 up to (excluding) 7.0.7
     *cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:* versions from (including) 7.1.0 up to (excluding) 7.1.4
     *cpe:2.3:a:umbraco:forms:*:*:*:*:*:*:*:* versions from (including) 7.2.0 up to (exc

NIST (AV:N/AC:M/Au:N/C:P/I:P/A:P)

NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NIST NVD-CWE-noinfo

https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/ No Types Assigned

https://umbraco.com/blog/security-advisory-20th-of-july-2021-patch-is-now-available/ Patch, Vendor Advisory

https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/ No Types Assigned

https://umbraco.com/blog/security-advisory-security-patches-for-umbraco-forms-ready-on-july-20th-2021-at-7-am-utc/ Vendor Advisory