An issue exists in Orchard prior to 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an malicious user to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orchardproject orchard |