Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4793

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2013-4793
Last Modified 30 Dec 2014 06:21:09
Published 27 Dec 2014 01:59:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-4793

Summary

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

Vulnerable Systems

Application

  • Umbraco Cms 6.0.3


References

MISC - https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/


Last Updated: 27 May 2016 11:07:22