The developers of Umbraco, the open-source content management system (CMS) platform, are notifying customers about a vulnerability in the integration web services of Umbraco. All Umbraco versions are said to be affected by the security hole.“During one of our regular security audits of the core, a severe security vulnerability was found in the integration web services of Umbraco and we recommend everyone to take immediate action to prevent any exploit,” read the emails sent out to users.
According to Niels Hartvig, the founder of Umbraco, more details will be made available in a few weeks after users update their installations. In the meantime, customers are advised to remove the “/bin/umbraco.webservices.dll” file from their installations.
“This will not affect the daily use of your Umbraco installation. It *might* affect integration with your Umbraco installation, but less than 1% use the integration web services,” Hartvig explained.