PT-2025-33089 · Unknown · Umbraco Cms

Published: 2025-08-13 · Updated: 2025-08-14 · CVE-2012-10054

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Umbraco CMS versions prior to 4.7.1
Description: Umbraco CMS versions prior to 4.7.1 are susceptible to unauthenticated remote code execution through the codeEditorSave.asmx API endpoint. This endpoint exposes a SaveDLRScript operation that allows arbitrary file uploads without authentication. Exploiting a path traversal flaw in the fileName parameter enables attackers to write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
Recommendations: Update Umbraco CMS to version 4.7.1 or later.
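
A log-triage check for the behaviour described above, added here as an example and not taken from the advisory or from Umbraco: it flags .aspx files under /umbraco/ that are first requested only after the same client POSTed to codeEditorSave.asmx. The IIS W3C field layout, the sample log lines and the function names are assumptions; a hit is a lead for review, since the log does not show the request body.

```python
ENDPOINT = "codeeditorsave.asmx"  # endpoint file name given in the advisory
WEB_DIR = "/umbraco/"             # web-accessible directory given in the advisory

# Constructed sample (IIS W3C format); IPs, file names and "EXAMPLE-DIR" are made up.
SAMPLE_LOG = """
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-01 10:00:00 GET /umbraco/login.aspx - 198.51.100.7 200
2025-01-01 10:00:05 GET /umbraco/login.aspx - 203.0.113.9 200
2025-01-01 10:01:00 POST /umbraco/EXAMPLE-DIR/codeEditorSave.asmx - 203.0.113.9 200
2025-01-01 10:01:02 GET /umbraco/x1.aspx - 203.0.113.9 200
2025-01-01 10:02:00 GET /umbraco/login.aspx - 203.0.113.9 200
"""

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_suspect_uploads(lines):
    """Return (client_ip, path) for each .aspx under WEB_DIR that was never
    served before and is fetched by a client that earlier POSTed to ENDPOINT."""
    seen_paths, posters, hits = set(), set(), []
    for req in parse_w3c(lines):
        path = req.get("cs-uri-stem", "").lower()
        ip = req.get("c-ip", "")
        ok = req.get("sc-status") == "200"
        if req.get("cs-method") == "POST" and path.endswith("/" + ENDPOINT):
            posters.add(ip)
        elif (ok and ip in posters and path not in seen_paths
              and path.startswith(WEB_DIR) and path.endswith(".aspx")):
            hits.append((ip, path))
        if ok:
            seen_paths.add(path)  # paths served before the POST are baseline
    return hits

if __name__ == "__main__":
    for ip, path in find_suspect_uploads(SAMPLE_LOG.splitlines()):
        print(f"review: {ip} POSTed to {ENDPOINT}, then fetched new script {path}")
```
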

Exploit · Fix · RCE · Path traversal · Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2012-10054

Affected Products: Umbraco Cms