{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T07:42:39.834","vulnerabilities":[{"cve":{"id":"CVE-2012-10054","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-08-13T21:15:29.687","lastModified":"2025-09-19T17:02:51.163","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path traversal flaw in the fileName parameter, attackers can write malicious ASPX scripts directly into the web-accessible /umbraco/ directory and execute them remotely."},{"lang":"es","value":"Las versiones de Umbraco CMS anteriores a la 4.7.1 son vulnerables a la ejecución remota de código no autenticado a través del endpoint SOAP codeEditorSave.asmx, lo que expone una operación SaveDLRScript que permite la carga de archivos arbitrarios sin autenticación. Al explotar una vulnerabilidad de path traversal en el parámetro fileName, los atacantes pueden escribir scripts ASPX maliciosos directamente en el directorio web /umbraco/ y ejecutarlos remotamente."}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-434"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*","versionEndExcluding":"4.7.1","matchCriteriaId":"573AF515-B347-459E-A071-1863468B6F7D"}]}]}],"references":[{"url":"https://github.com/umbraco/Umbraco-CMS","source":"disclosure@vulncheck.com","tags":["Product"]},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/umbraco_upload_aspx.rb","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://web.archive.org/web/20111017174609/http://umbraco.codeplex.com/releases/view/73692","source":"disclosure@vulncheck.com","tags":["Patch","Third Party Advisory"]},{"url":"https://web.archive.org/web/20120707033729/http://blog.gdssecurity.com/labs/2012/7/3/find-bugs-faster-with-a-webmatrix-local-reference-instance.html","source":"disclosure@vulncheck.com","tags":["Patch"]},{"url":"https://www.exploit-db.com/exploits/19671","source":"disclosure@vulncheck.com","tags":["Exploit"]},{"url":"https://www.vulncheck.com/advisories/umbraco-cms-rce","source":"disclosure@vulncheck.com","tags":["Third Party Advisory"]},{"url":"https://web.archive.org/web/20120707033729/http://blog.gdssecurity.com/labs/2012/7/3/find-bugs-faster-with-a-webmatrix-local-reference-instance.html","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Patch"]}]}}]}