Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.
References
Link | Resource |
---|---|
https://0xdf.gitlab.io/2020/09/05/htb-remote.html | Exploit Third Party Advisory |
https://github.com/Ickarah/CVE-2019-25137-Version-Research | Exploit Third Party Advisory |
https://github.com/noraj/Umbraco-RCE | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/46153 | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2023-05-18 07:15
Updated : 2024-02-28 20:13
NVD link : CVE-2019-25137
Mitre link : CVE-2019-25137
CVE.ORG link : CVE-2019-25137
JSON object : View
Products Affected
umbraco
- umbraco_cms
CWE
CWE-91
XML Injection (aka Blind XPath Injection)