Is anyone aware of this issue? A vulnerability scan of some of our sites flagged this as an issue. I couldn't find anything on the forum or codeplex about this.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.Umbraco CMS 4.7.0.378 is vulnerable; other versions may also be affected.
Umbraco CMS 'codeEditorSave.asmx' Arbitrary File Upload Vulnerability
Is anyone aware of this issue? A vulnerability scan of some of our sites flagged this as an issue. I couldn't find anything on the forum or codeplex about this.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.Umbraco CMS 4.7.0.378 is vulnerable; other versions may also be affected.
http://www.securiteam.com/securitynews/5SP302080Q.html
We're running umbraco v 4.7.1.1 (Assembly version: 1.0.4517.18969).
is working on a reply...
This forum is in read-only mode while we transition to the new forum.
You can continue this topic on the new forum by tapping the "Continue discussion" link below.