cbcvebase.
CVE-2020-29592
published 2021-04-14

CVE-2020-29592: An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an…

PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.18%
80.1th percentile
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).

Affected

5 ranges
VendorProductVersion rangeFixed in
inteloptimization_for_tensorflow>= 0 < 2.1.42.1.4
inteloptimization_for_tensorflow>= 2.2.0 < 2.2.32.2.3
inteloptimization_for_tensorflow>= 2.3.0 < 2.3.32.3.3
inteloptimization_for_tensorflow>= 2.4.0 < 2.4.22.4.2
orchardprojectorchard< 1.101.10

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.