Is anyone aware of this issue? A vulnerability scan of some of our sites flagged this as an issue. I couldn't find anything on the forum or codeplex about this.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.Umbraco CMS 4.7.0.378 is vulnerable; other versions may also be affected.
Umbraco CMS 'codeEditorSave.asmx' Arbitrary File Upload Vulnerability
Is anyone aware of this issue? A vulnerability scan of some of our sites flagged this as an issue. I couldn't find anything on the forum or codeplex about this.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.Umbraco CMS 4.7.0.378 is vulnerable; other versions may also be affected.
http://www.securiteam.com/securitynews/5SP302080Q.html
We're running umbraco v 4.7.1.1 (Assembly version: 1.0.4517.18969).
is working on a reply...