Description

Umbraco CMS version 4.7.0 is vulnerable to a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). Acunetix created a file named testAcunetix.test to test for this vulnerability.

Remediation

Upgrade to the latest version of Umbraco CMS.

References

Find Bugs Faster With A WebMatrix Local Reference Instance

Umbraco CMS download

Related Vulnerabilities

Plone arbitrary code execution

Check for apache versions up to 1.3.25, 2.0.38

UnrealIRCd 3.2.8.1 backdoor

EktronCMS Saxon XSLT parser remote code execution

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Tags

Code Execution Known Vulnerabilities