Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Umbraco CMS TemplateService组件授权问题漏洞
Vulnerability Description
Umbraco CMS是丹麦Umbraco公司的一套使用ASP.Net建立,Mysql进行数据存储的内容管理系统,它支持自定义模板、支持用户管理、支持对内容进行权限定义等。TemplateService是其中的一个模板服务组件。 Umbraco CMS 6.0.3及之前版本的TemplateService组件中的umbraco.webservices/templates/templateService.cs文件中的‘update’函数存在安全漏洞,该漏洞源于程序没有要求身份验证。远程攻击者可通过发送特制的
CVSS Information
N/A
Vulnerability Type
N/A