CVE-2019-25137

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
References
Link Resource
https://0xdf.gitlab.io/2020/09/05/htb-remote.html Exploit Third Party Advisory
https://github.com/Ickarah/CVE-2019-25137-Version-Research Exploit Third Party Advisory
https://github.com/noraj/Umbraco-RCE Exploit Third Party Advisory
https://www.exploit-db.com/exploits/46153 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-18 07:15

Updated : 2024-02-28 20:13


NVD link : CVE-2019-25137

Mitre link : CVE-2019-25137

CVE.ORG link : CVE-2019-25137


JSON object : View

Products Affected

umbraco

  • umbraco_cms
CWE
CWE-91

XML Injection (aka Blind XPath Injection)