Umbraco CMS remote code execution

Description
  • Umbraco CMS version 4.7.0 is vulnerable to remote code execution. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). Acunetix created a file named testAcunetix.test to test for this vulnerability.
Remediation
  • Upgrade to the latest version of Umbraco CMS.
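
To check whether the web service named above has been called on a site, the following added example (not part of the original advisory or of Umbraco) scans IIS W3C extended logs for requests to /umbraco/webservices/codeEditorSave.asmx. The log lines, IP addresses and the function name find_endpoint_hits are constructed for illustration, and the log is assumed to carry a #Fields directive.

```python
# Added example: flag requests to the Umbraco codeEditorSave.asmx web service
# in IIS W3C extended logs. Sample log lines are constructed for illustration.
import io

ENDPOINT = "/umbraco/webservices/codeeditorsave.asmx"  # path from the advisory, lowercased

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-01-10 09:14:02 192.0.2.10 GET /default.aspx - 200
2013-01-10 09:14:05 198.51.100.7 POST /umbraco/webservices/codeEditorSave.asmx - 200
2013-01-10 09:14:09 198.51.100.7 GET /umbraco/webservices/CodeEditorSave.asmx op=SaveDLRScript 200
2013-01-10 09:15:30 203.0.113.4 POST /umbraco/webservices/codeEditorSave.asmx - 401
"""


def find_endpoint_hits(log_lines):
    """Return one dict per request whose path is the codeEditorSave.asmx service."""
    fields, hits = [], []
    for raw in log_lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            # IIS can re-emit this directive mid-file with a different column set.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        # IIS paths are case-insensitive, so compare lowercased.
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        status = row.get("sc-status", "")
        # A POST answered with 2xx means the service accepted a call; W3C logs
        # do not record the SOAP body, so the method invoked is not visible.
        is_accepted_post = row.get("cs-method") == "POST" and status.startswith("2")
        row["priority"] = "high" if is_accepted_post else "review"
        hits.append(row)
    return hits


if __name__ == "__main__":
    for hit in find_endpoint_hits(io.StringIO(SAMPLE_LOG)):
        print(hit["priority"], hit["date"], hit["time"], hit["c-ip"], hit["cs-method"], hit["sc-status"])
```

Hits marked "high" are worth correlating with file creation times under the site root, since the log alone cannot show what was written.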