CVE-2009-4367
Sitecore Staging Module <5.4.0 - Auth Bypass
Title source: llmDescription
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by L. Weichselbaum · textwebappswindows
https://www.exploit-db.com/exploits/10513
References (7)
Scores
EPSS
0.0672
EPSS Percentile
91.1%
Classification
CWE
CWE-287
Status
draft
Affected Products (1)
sitecore/staging_module
< 5.4.0
Timeline
Published
Dec 21, 2009
Tracked Since
Feb 18, 2026