CVE-2009-4367
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
21/12/2009
Last modified:
09/04/2025
Description
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sitecore:staging_module:*:080625:*:*:*:*:*:* | | 5.4.0 (including) |
References to Advisories, Solutions, and Tools
- http://osvdb.org/61147
- http://secunia.com/advisories/37763
- http://www.exploit-db.com/exploits/10513
- http://www.securityfocus.com/archive/1/508529/100/0/threaded
- http://www.securityfocus.com/bid/37388
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54881
- https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt



