Description
Umbraco CMS version 4.7.0 contains a remote code execution vulnerability. An attacker can upload files through an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). Acunetix created a file named testAcunetix.test to test for this vulnerability.
Remediation
Upgrade to the latest version of Umbraco CMS.
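A defender-side check for the exposure described above, added here as an example and not taken from Acunetix or Umbraco: it scans IIS W3C extended logs for requests to the web service and searches a web root for the scanner's marker file. It assumes the site runs on IIS with W3C logging; the function names, field layout and sample log lines are constructed for illustration.

```python
import os

# Names from the advisory, lowercased: IIS matches paths case-insensitively.
ENDPOINT = "/umbraco/webservices/codeeditorsave.asmx"
MARKER = "testacunetix.test"

def find_endpoint_hits(log_lines):
    """Return requests to ENDPOINT found in IIS W3C extended log lines."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        if rec.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        method, status = rec.get("cs-method", "-"), rec.get("sc-status", "")
        hits.append({
            "when": f"{rec.get('date', '')} {rec.get('time', '')}".strip(),
            "client": rec.get("c-ip", "-"),
            "method": method,
            "status": status,
            # A POST answered with 2xx means the service processed the call.
            "served": method == "POST" and status.startswith("2"),
        })
    return hits

def find_marker_files(web_root):
    """Return paths under web_root whose file name is the scanner marker."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(web_root)
                  for f in files if f.lower() == MARKER)

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 09:14:02 GET /default.aspx - 198.51.100.7 200
2024-01-10 09:14:05 POST /umbraco/webservices/codeEditorSave.asmx - 203.0.113.45 200
2024-01-10 09:14:09 POST /Umbraco/WebServices/CodeEditorSave.asmx - 203.0.113.45 500
2024-01-10 09:15:30 GET /umbraco/webservices/codeEditorSave.asmx - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    print(*find_endpoint_hits(SAMPLE_LOG), sep="\n")
```

Entries with `served` set to true are the ones to investigate first, together with any path returned by `find_marker_files` for the site's web root.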
Related Vulnerabilities
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)
Apache Struts2 Remote Command Execution (S2-053)
vBulletin 5 CONNECT remote code execution
Drupal 7 arbitrary PHP code execution and information disclosure