CVE-2013-4793

Umbraco CMS <6.0.4 - RCE

Title source: llm

Description

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

References (1)

[Various Sources] https://labs.mwrinfosecurity.com/advisories/2013/11/29/umbraco-cms-templateservice-remote-code-execution/

Scores

EPSS 0.0040

EPSS Percentile 60.0%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

umbraco/umbraco_cms < 6.0.3

Timeline

Published Dec 27, 2014

Tracked Since Feb 18, 2026