VYPR
Unrated severityNVD Advisory· Published Dec 27, 2014· Updated Jun 16, 2026

CVE-2013-4793

CVE-2013-4793

Description

The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.

Affected products

2
  • cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:umbraco:umbraco_cms:*:*:*:*:*:*:*:*range: <=6.0.3
    • (no CPE)range: <6.0.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.