An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-14T14:23:12
Updated: 2024-08-04T16:55:10.596Z
Reserved: 2020-12-07T00:00:00
Link: CVE-2020-29592
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-04-14T15:15:13.330
Modified: 2021-04-22T12:52:43.433
Link: CVE-2020-29592
Redhat
No data.