Tuesday, April 13, 2021

CVE-2020-29592 and CVE-2020-29593 - Orchard CMS Unrestricted File Upload and XSS

 

Note: This is fixed in Orchard 1.10, this post is about Orchard 1.8.1.0.


CVE-2929-29592 - Unrestricted File Upload via Media Folder and TinyMCE HTML Editor:

https://user-images.githubusercontent.com/68610637/101294502-afb75c00-37e5-11eb-8bc4-9745a66e15f5.png

Not allowed because these are the allowed file types:

https://user-images.githubusercontent.com/68610637/101294729-741d9180-37e7-11eb-84e8-fee3143f34b1.png

But we can...

https://user-images.githubusercontent.com/68610637/101294742-88fa2500-37e7-11eb-8141-6092d7de5e6a.png

https://user-images.githubusercontent.com/68610637/101294750-91eaf680-37e7-11eb-9fd8-2b83ebb2a1c2.png 

 Success!

https://user-images.githubusercontent.com/68610637/101294764-a4653000-37e7-11eb-9ffb-9cc44fbb9589.png 

 

CVE-2020-29593 - XSS via Media Types Settings



 



https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29592

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29593


No comments:

Post a Comment