Blog | G5 Cyber Security

Critical SharePoint flaw dissected, RCE details now available

Details are now available for exploiting a critical security vulnerability that affects Microsoft SharePoint, increasing the risk of attacks on unpatched systems. The flaw is tracked as CVE-2020-1147 (severity 9.8 out of 10) and also impacts .NET Framework and Visual Studio. Microsoft released a fix in this month’s rollout of security updates. A low-privileged user can leverage the flaw to run arbitrary code remotely on a target SharePoint server. The bug is a failure to check the source markup of XML file input, which allows an attacker to run code.

Source: https://www.bleepingcomputer.com/news/security/critical-sharepoint-flaw-dissected-rce-details-now-available/
