CVE-2020-9472

MEDIUM

Umbraco CMS < 8.5.4 - Authenticated Remote Code Execution via Install Package File Upload

Title source: llm
Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-9472. PoCs published by eLeN3Re, john-dooe.

Description

Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.

Exploits (2)

gitlab WORKING POC
by eLeN3Re · poc
https://gitlab.com/eLeN3Re/cve-2020-9472

This repository contains a functional Python exploit for CVE-2020-9472, targeting an authenticated file upload vulnerability in Umbraco CMS 8.5.3. The exploit constructs a malicious ZIP file to achieve remote code execution via the Packages functionality.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Umbraco CMS 8.5.3
Auth required
Prerequisites: Authenticated access to Umbraco CMS
devstral-2 · analyzed Feb 23, 2026

nomisec SUSPICIOUS
by john-dooe · poc
https://github.com/john-dooe/CVE-2020-9472

The repository contains only a README with a vague description of CVE-2020-9472 (Umbraco CMS file upload vulnerability) but no actual exploit code, technical details, or proof-of-concept. The lack of content and reliance on external context suggest a potential lure.

Classification: Suspicious 90%
Attack Type: Other
Complexity: Theoretical
Reliability: Theoretical
Target: Umbraco CMS
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://gitlab.com/eLeN3Re/cve-2020-9472

Scores

CVSS v3 6.5
EPSS 0.0216
EPSS Percentile 84.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE CWE-434
Status published
Products (2)
nuget/UmbracoCms 0 - 8.5.4 (NuGet)
umbraco/umbraco_cms 8.5.3
Published Mar 16, 2020
Tracked Since Feb 18, 2026