Umbraco CMS remote code execution
Description
Umbraco CMS version 4.7.0 is vulnerable to a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). Invicti created a file named testAcunetix.test to test for this vulnerability.
Remediation
Upgrade to the latest version of Umbraco CMS.