Umbraco CMS remote code execution

Description

Umbraco CMS version 4.7.0 is affected by a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). Acunetix WVS created a file named testAcunetix.test to test for this vulnerability.

Remediation

Upgrade to the latest version of Umbraco CMS.
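
To check whether the web service named in the description has been called on a server, the following added example (not part of the original advisory and not Umbraco or Acunetix code) scans IIS logs for requests to that path. It assumes W3C-format logs with a `#Fields:` header; the sample log lines and the `accepted`/`attempted` labels are constructed for illustration.

```python
"""Flag requests to the Umbraco codeEditorSave.asmx web service in IIS W3C logs."""

# Path named in the advisory, lowercased because IIS treats paths case-insensitively.
ENDPOINT = "/umbraco/webservices/codeeditorsave.asmx"

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 09:00:01 GET /default.aspx - 198.51.100.7 200
2024-01-10 09:00:05 POST /umbraco/webservices/codeEditorSave.asmx - 203.0.113.9 200
2024-01-10 09:00:09 POST /Umbraco/WebServices/CodeEditorSave.asmx - 198.51.100.20 200
2024-01-10 09:00:12 POST /umbraco/webservices/codeEditorSave.asmx - 203.0.113.9 500
"""


def find_hits(log_text):
    """Return one dict per logged request to the endpoint."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout is declared in the log and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        # A POST answered with 2xx means the service processed the call;
        # anything else is recorded as an attempt worth correlating by IP.
        accepted = (row.get("cs-method") == "POST"
                    and row.get("sc-status", "").startswith("2"))
        hits.append({
            "time": f"{row.get('date')} {row.get('time')}",
            "ip": row.get("c-ip"),
            "status": row.get("sc-status"),
            "label": "accepted" if accepted else "attempted",
        })
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```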
