RSS   Vulnerabilities for 'Staging module'   RSS

2009-12-21
 
CVE-2009-4367

CWE-287
 

 
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.

 

 >>> Vendor: Sitecore 5 Products
CMS
Staging module
CRM
Experience platform
Sitecore.net


Copyright 2024, cxsecurity.com

 

Back to Top