Unauthenticated Command Injection Vulnerability in Sitecore Rocks Plugin

Unauthenticated Command Injection Vulnerability in Sitecore Rocks Plugin

CVE-2019-12440 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an unauthenticated threat actor to inject malicious commands and code via the Sitecore Rocks Hard Rocks Service.

Learn more about our Web Application Penetration Testing UK.