CVE-2021-33224

EUVD-2021-19936
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
umbracoumbraco_forms
8.7.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://umbraco.com
https://our.umbraco.com/packages/developer-tools/umbraco-forms
http://umbraco.com
https://our.umbraco.com/packages/developer-tools/umbraco-forms