Toby Clarke

2 exploits Active since Aug 2025
CVE-2012-10054 EXPLOITDB CRITICAL ruby WORKING POC
Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
CVSS 9.8
CVE-2012-10054 METASPLOIT CRITICAL ruby WORKING POC
Umbraco CMS < 4.7.1 - Unauthenticated Remote Code Execution via codeEditorSave.asmx SaveDLRScript Path Traversal
Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely.
CVSS 9.8