Description
Umbraco CMS version 4.7.0 contains a remote code execution vulnerability. An attacker can upload files through an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). To test for this vulnerability, Acunetix created a file named testAcunetix.test.
Remediation
Upgrade to the latest version of Umbraco CMS.
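For triage on a host that ran the affected version, the following added example (not Acunetix or Umbraco code) scans IIS W3C logs for POST requests to the web service named in the description and for requests for the scanner's test file. It assumes IIS W3C logging with a `#Fields:` header; the log lines, IP addresses and the function name `find_hits` are constructed for illustration.

```python
# Constructed IIS W3C log lines (sample data, not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2024-01-10 09:14:02 GET /umbraco/login.aspx - 198.51.100.7 Mozilla/5.0 200
2024-01-10 09:14:05 POST /Umbraco/WebServices/codeEditorSave.asmx - 198.51.100.7 Mozilla/5.0 200
2024-01-10 09:14:06 GET /umbraco/webservices/codeEditorSave.asmx WSDL 203.0.113.9 curl/8.0 200
2024-01-10 09:14:09 POST /umbraco/webservices/codeEditorSave.asmx/SaveDLRScript - 198.51.100.7 Mozilla/5.0 500
2024-01-10 09:15:40 GET /testAcunetix.test - 192.0.2.44 Mozilla/5.0 404
2024-01-10 09:16:00 POST /umbraco/webservices/codeEditorSave.asmx.bak - 192.0.2.44 Mozilla/5.0 404
"""

# IIS paths are case-insensitive, so compare in lower case.
ENDPOINT = "/umbraco/webservices/codeeditorsave.asmx"
ARTIFACT = "testacunetix.test"  # file name the scanner creates, per the advisory


def find_hits(log_text):
    """Return (date, time, client_ip, status, reason) for suspicious requests."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated entry
        row = dict(zip(fields, values))
        stem = row.get("cs-uri-stem", "").lower()
        method = row.get("cs-method", "").upper()
        # Match the .asmx itself (SOAP) or /MethodName appended (HTTP POST binding).
        on_endpoint = stem == ENDPOINT or stem.startswith(ENDPOINT + "/")
        if on_endpoint and method == "POST":
            reason = "POST to codeEditorSave.asmx"
        elif stem.rsplit("/", 1)[-1] == ARTIFACT:
            reason = "request for scanner test file"
        else:
            continue
        hits.append((row.get("date"), row.get("time"), row.get("c-ip"),
                     row.get("sc-status"), reason))
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(*hit)
```

W3C logs do not record the SOAP body, so a hit shows that the service was called, not which method was invoked or what was written; confirm by checking the file system for unexpected files created around the logged times.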