vendor:
Sitecore CMS
by:
L. Weichselbaum / SEC Consult
9
CVSS
CRITICAL
Authentication Bypass
N/A
CWE
Product Name: Sitecore CMS
Affected Version From: Sitecore Staging Module <= 5.4.0 rev.080625
Affected Version To: Staging 5.4.0 rev.091111
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Authentication bypass and file manipulation in Sitecore Staging Module
The Staging Webservice (normally found in "/sitecore modules/staging/ service/api.asmx") used for transmitting files between the Sitecore Master and Slave Server is vulnerable to authentication bypass and therefore files can be uploaded in arbitrary directories on the server, files can be downloaded from arbitrary directories on the server, directory listings of the whole server can be received and the webserver cache can be deleted. An attacker is able to upload a shell, delete the webserver cache and execute arbitrary code on the server.
Mitigation:
Update to the latest version of Sitecore Staging Module (5.4.0 rev.091111)