What is CVE-2012-10054?

CVE-2012-10054 is a vulnerability in Umbraco Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-13.

Is CVE-2012-10054 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Umbraco Cms

CVE-2012-10054

Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By e…

Vulnerability class: Unrestricted File Upload

EPSS: 0.759 (98.9th percentile) — read the EPSS interpretation.

Affected products

Umbraco Cms — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/19671 (exploit)
web.archive.org/web/20120707033729/http://blog.gdssecurity.com/labs/2012/7/3/fi… (technical-description, exploit)
github.com/umbraco/Umbraco-CMS (product)
web.archive.org/web/20111017174609/http://umbraco.codeplex.com/releases/view/73… (vendor-advisory, patch)
www.vulncheck.com/advisories/umbraco-cms-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10054?: CVE-2012-10054 is a vulnerability in Umbraco Cms, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-13.
Is CVE-2012-10054 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.