Skip to main content

Insecure Default Initialization of Resource


Severity High
Score 7.5/10


This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that blocks certain file types, depending on their security needs and policies.

  • LOW
  • HIGH
  • NONE
  • NONE
  • NONE
  • NONE

CWE-1188 - Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Advisory Timeline

  • Published