Umbraco CMS remote code execution - Vulnerability Database

Umbraco CMS remote code execution

Description

Umbraco CMS version 4.7.0 contains an unauthenticated remote code execution vulnerability in the /umbraco/webservices/codeEditorSave.asmx web service. The SaveDLRScript method lacks proper authentication controls, allowing unauthorized users to upload and execute arbitrary files on the server. This vulnerability was confirmed by successfully uploading a test file named testAcunetix.test through the exposed endpoint.

Remediation

Apply the following remediation steps immediately:

1. Upgrade Umbraco CMS to the latest stable version available from the official Umbraco website. Version 4.7.0 is significantly outdated and contains multiple security vulnerabilities.

2. Restrict access to administrative endpoints by implementing authentication and authorization controls on all web services located under /umbraco/webservices/. Ensure that only authenticated administrators can access these endpoints.

3. Review uploaded files on the server for any unauthorized or suspicious content that may have been uploaded through this vulnerability.

4. Implement network-level controls to restrict access to the Umbraco administrative interface to trusted IP addresses or networks only.

5. Monitor server logs for any suspicious activity related to the codeEditorSave.asmx endpoint, including unexpected file uploads or execution attempts.
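As an added example (not part of this advisory) of the log-monitoring and network-restriction steps above, the script below parses IIS W3C extended log lines and reports requests to the codeEditorSave.asmx web service that came from outside an allowlist of administrative networks. The log excerpt and the trusted networks are constructed for the example; adjust the allowlist to your own environment.

```python
from ipaddress import ip_address, ip_network

# The web service named in the advisory (compared case-insensitively, as IIS paths are).
WATCHED_PATH = "/umbraco/webservices/codeeditorsave.asmx"
# Constructed allowlist of networks allowed to reach the Umbraco back office (step 4).
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.1.0/24")]

# Constructed IIS W3C log excerpt for the example; not real traffic.
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-10 08:15:02 10.0.0.5 GET /umbraco/login.aspx - 80 - 10.0.0.42 Mozilla/5.0 200 0 0 120
2024-01-10 08:16:10 10.0.0.5 POST /umbraco/webservices/codeEditorSave.asmx - 80 - 10.0.0.42 Mozilla/5.0 200 0 0 310
2024-01-10 03:41:55 10.0.0.5 POST /umbraco/webservices/codeEditorSave.asmx - 80 - 203.0.113.77 python-requests/2.31 200 0 0 95
2024-01-10 09:00:00 10.0.0.5 GET /umbraco/webservices/codeEditorSave.asmx - 80 - 198.51.100.9 curl/8.0 401 2 5 10
"""


def parse_w3c(text):
    """Turn IIS W3C extended log text into dicts keyed by the names in the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed lines
                records.append(dict(zip(fields, parts)))
    return records


def suspicious_requests(records, trusted_nets=TRUSTED_NETS):
    """Return (record, reasons) for each request to the code editor service from outside
    the trusted networks. A 200 to a POST is called out separately: a write through
    SaveDLRScript arrives as a POST, and a success status means the server accepted it.
    cs-username is not used: IIS fills it only for IIS-level auth, so Umbraco's own
    login leaves it as '-' for legitimate administrators too."""
    findings = []
    for rec in records:
        if rec.get("cs-uri-stem", "").lower() != WATCHED_PATH:
            continue
        reasons = []
        try:
            if not any(ip_address(rec["c-ip"]) in net for net in trusted_nets):
                reasons.append(f"client {rec['c-ip']} outside trusted networks")
        except ValueError:
            reasons.append(f"unparseable client address {rec.get('c-ip')!r}")
        if reasons and rec.get("cs-method") == "POST" and rec.get("sc-status") == "200":
            reasons.append("POST returned 200, so the upload was accepted")
        if reasons:
            findings.append((rec, reasons))
    return findings
```

Run it over the real log directory instead of SAMPLE_LOG and treat any accepted POST from an untrusted address as a trigger for the file review in step 3.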