CVE-2019-25137

Опубликовано: 18 мая 2023

Источник: nvd

CVSS3: 7.2

EPSS Средний

Описание

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

Ссылки

https://0xdf.gitlab.io/2020/09/05/htb-remote.html
Exploit
Third Party Advisory
https://github.com/Ickarah/CVE-2019-25137-Version-Research
Exploit
Third Party Advisory
https://github.com/noraj/Umbraco-RCE
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46153
Exploit
Third Party Advisory
VDB Entry
https://0xdf.gitlab.io/2020/09/05/htb-remote.html
Exploit
Third Party Advisory
https://github.com/Ickarah/CVE-2019-25137-Version-Research
Exploit
Third Party Advisory
https://github.com/noraj/Umbraco-RCE
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/46153
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*

Версия от 4.11.8 (включая) до 7.15.10 (включая)

EPSS

Процентиль: 97%

0.31384

Средний

7.2 High

CVSS3

Дефекты

CWE-91

Связанные уязвимости

GHSA-m3p3-xhrf-jxm7