CVE-2013-4793: Improper Authentication

December 27, 2014 (updated December 30, 2014)

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

References

labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/
nvd.nist.gov/vuln/detail/CVE-2013-4793

Code Behaviors & Features

Detect and mitigate CVE-2013-4793 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →