This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to upload arbitrary files in Umbraco CMS which may result in remote code execution.
Umbraco CMS is an ASP-based content manager.
The application is prone to a vulnerability that lets attackers upload arbitrary files. This issue occurs because it fails to properly authorize users before allowing them to access the 'codeEditorSave.asmx' script. Attackers can use the 'SaveDLRScript' SOAP action of this script to upload malicious script files on the application.
An attacker can exploit this vulnerability to upload arbitrary code and run it in the context of the web server process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.