Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2019-25137

Description

Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.

POC

Reference

- https://0xdf.gitlab.io/2020/09/05/htb-remote.html

- https://github.com/Ickarah/CVE-2019-25137-Version-Research

- https://github.com/noraj/Umbraco-RCE

- https://www.exploit-db.com/exploits/46153

Github

- https://github.com/Ickarah/CVE-2019-25137-Version-Research

- https://github.com/dact91/CVE-2019-25137-RCE

- https://github.com/plzheheplztrying/cve_monitor