Vulnerability Notice
We have a 3rd party utility to scan for security vulnerabilities and it hit on Umbraco CMS with the SaveDLRScript SOAP operation contained within the codeEditorSave.asmx. It says it fails to sanitize user supplied data and allows remote unauthenticated attackers to upload arbitrary files to a known web-accessible path. It suggests to upgrade. We are on version 4.7 I believe. Does anyone know what 4.xx version will alleviate this issue?
Thanks
Anyone? Anyone? Bueller?
Have a look around here. http://umbraco.com/follow-us/blog-archive/2013/5/1/security-update-two-major-vulnerabilities-found.aspx
I do remember some security problems around 4.7 but cannot remember what they were :). Hope that helps. Charlie :)
Hi Deron
All versions from 4.5 to 4.11.7 and also up to 6.0.4 were unfortunately affected by some security issues so it's advisable to upgrade to 4.11.10 for instance.
/Jan