Impact
Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.
Explanation of the vulnerability
The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory.
Impact
Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location.
Explanation of the vulnerability
The “Package” section in Umbraco Backoffice allows a logged in user to write folders outside of the default package directory.