Vulnerability in EPiServer.Forms
I have a site where EPiServer seems to try to write to a temp version of web.config when trying to save changes made in Admin mode (more specifically when turning off globalization, but probably not limited to this action)
The error message reads:
"Access to the path 'c:\<mywebsitepath>z7dgro2u.newcfg' was denied"
EPiServer creates a whole lot of these temp .newcfg files in the root folder of my site.
(Occurred in both EPiServer CMS 5.2 SP1 and SP2. )
I have the same problem!
Anyone found a solution for this yet?
(Using EPiServer CMS 6, iis7)
Since EPiServer CMS 5 we are using the built in configuration management classes in .NET. Unfortunately these classes use temp files when saving the configuration file(s) and thus the application requires write access for the process user to the web sites root directory (and not only the web.config file) in order to update the configuration file(s).
RegardsLinus EkströmEPiServer Development Team