Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Umbraco CMS < 4.7.1 codeEditorSave.asmx RCE
Vulnerability Description
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Umbraco CMS 安全漏洞
Vulnerability Description
Umbraco CMS是丹麦Umbraco公司的一个内容管理系统。 Umbraco CMS 4.7.1之前版本存在安全漏洞,该漏洞源于codeEditorSave.asmx端点存在路径遍历,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A