  • M (1 post, 71 karma points)
    Jul 06, 2018 @ 21:32

    While performing a security assessment on an Umbraco instance I noticed that a user who has access to the Content and Settings sections has a way to perform an elevation of privileges by executing SQL commands (not a vulnerability per se, more like a feature used in a malicious way).

    This can be done by creating/editing a template and using:

    • ApplicationContext.Current.DatabaseContext.Database.Execute
    • ApplicationContext.Current.DatabaseContext.Database.Fetch

    to get values from the database (users, passwords, emails, other useful and confidential info, etc.) but also to insert or modify data, for example changing the type of a user (and elevating its privileges) or inserting a new user with higher privileges, as was demonstrated by Jeffrey at CodeGarden 2018.

    Just to be clear, I tested this in Umbraco 7.1.

    I would like to know:

    • What are the recommendations to avoid this?
    • Or should I assume that any user with access to the Settings section, indirectly can become administrator of the Umbraco instance?
    • Or, from the other perspective, is there a safer way to grant a user permissions to the Settings section and be sure that he can't obtain other permissions that weren't specifically granted in the Users section?

    Also, there is the "problem" that this user can also perform arbitrary queries on the database, for example to get a list of all the users with emails, passwords, etc. Is this normal and expected?
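One defensive measure for the situation described above is to audit template sources for direct database access. The following scanner is an added example, not code from the post or from Umbraco: it flags the two API calls the post names (`DatabaseContext.Database.Execute` and `.Fetch`) and, more broadly, any other member access on the `DatabaseContext.Database` object; the `.cshtml` template contents are constructed samples.

```python
"""Audit Umbraco Razor templates for direct database access (added example).

Scans template source text for calls on ApplicationContext.Current
.DatabaseContext.Database, which let a template editor bypass the
Users-section permission model. Sample templates below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Execute and Fetch are the members named in the post; "db-other" catches any
# other member of the Database object (Query, Insert, Update, Delete, ...).
DANGEROUS_PATTERNS = {
    "db-execute": re.compile(r"DatabaseContext\.Database\.Execute\b"),
    "db-fetch": re.compile(r"DatabaseContext\.Database\.Fetch\b"),
    "db-other": re.compile(r"DatabaseContext\.Database\.(?!Execute\b|Fetch\b)\w+"),
}

@dataclass(frozen=True)
class Finding:
    template: str
    line: int
    rule: str
    snippet: str

def scan_template(name: str, source: str) -> List[Finding]:
    """Return one Finding per (line, rule) hit in a single template's source."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        for rule, pattern in DANGEROUS_PATTERNS.items():
            if pattern.search(text):
                findings.append(Finding(name, lineno, rule, text.strip()))
    return findings

def scan_templates(templates: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of template name -> source and collect all findings."""
    results: List[Finding] = []
    for name, source in templates.items():
        results.extend(scan_template(name, source))
    return results

# Constructed samples (assumption: templates are stored as .cshtml files).
SAMPLE_TEMPLATES = {
    "Home.cshtml": "@inherits Umbraco.Web.Mvc.UmbracoTemplatePage\n<h1>@Model.Content.Name</h1>\n",
    "Suspicious.cshtml": (
        "@inherits Umbraco.Web.Mvc.UmbracoTemplatePage\n"
        "@{ var rows = ApplicationContext.Current.DatabaseContext.Database.Fetch<dynamic>(\"...\"); }\n"
        "@{ ApplicationContext.Current.DatabaseContext.Database.Execute(\"...\"); }\n"
    ),
}

if __name__ == "__main__":
    for f in scan_templates(SAMPLE_TEMPLATES):
        print(f"{f.template}:{f.line} [{f.rule}] {f.snippet}")
```

In a real review the mapping would be built by reading the site's template directory; a hit is a prompt to inspect who last edited that template, not proof of misuse.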
