Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Deron Johnson 83 posts 114 karma points
    Aug 27, 2013 @ 15:22
    Deron Johnson
    0

    Vulnerability Notice

    We have a 3rd party utility to scan for security vulnerabilties and it hit on Unbraco CMS with the SaveDLRScript SOAP operation contained within the codeEditorSave.asmx. It says it fails to sanitize user supplied data and allows remote unauthenticated attackers to arbitrary files to a know web-accessible path. It suggests to upgrade. We are on version 4.7 i believe. Does anyone know what 4.xx version will alleviate this issue?

     

    Thanks

  • Deron Johnson 83 posts 114 karma points
    Aug 28, 2013 @ 20:27
    Deron Johnson
    0

    Anyone?  Anyone?  Buellar?

  • Charles Afford 1163 posts 1709 karma points
    Aug 31, 2013 @ 13:46
    Charles Afford
    1

    Have a look around here.  http://umbraco.com/follow-us/blog-archive/2013/5/1/security-update-two-major-vulnerabilities-found.aspx

    I do remember some secuirty problems around 4.7 but cannot remember what they were :).  Hope that helps.  Charlie :)

  • Jan Skovgaard 11280 posts 23678 karma points MVP 11x admin c-trib
    Aug 31, 2013 @ 16:38
    Jan Skovgaard
    0

    Hi Deron

    All versions from 4.5 to 4.11.7 and also up to 6.0.4 were unfortunately affected by some security isses so it' advisable to upgrade to 4.11.10 for instance.

    /Jan

Please Sign in or register to post replies

Write your reply to:

Draft