CVE-2020-29592

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-29592

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29592.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-29592

Published

2021-04-14T15:15:13.330Z

Modified

2025-11-14T11:06:31.882732Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).

References

Affected packages

Git / github.com/orchardcms/orchard

Affected ranges

Type: GIT
Repo: https://github.com/orchardcms/orchard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6dcbbc2d93df77a8d6665e6e6133b4ac09e661c0

Affected versions

1.*

1.4

1.4.1

1.6

1.7

1.7.1

1.7.2

1.8

1.8.1

1.9

1.9.1

1.9.2

1.9.3

Other

patch-20150519

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-29592.json"