Server-Side Request Forgery Vulnerability in Umbraco by Umbraco
CVE-2015-8813

8.2HIGH

Key Information:

Vendor

Umbraco

Status
Umbraco
Vendor
CVE Published:
3 March 2017

What is CVE-2015-8813?

The Page_Load function in Umbraco's dashboard components prior to version 7.4.0 is vulnerable to server-side request forgery (SSRF) attacks. By manipulating the 'url' parameter, remote attackers can leverage this vulnerability to send unauthorized requests from the server, potentially leading to sensitive data exposure or further exploitation of internal network services. It's crucial for users and administrators to update to the latest version to mitigate these risks and safeguard their applications from exploitation.

References

http://issues.umbraco.org/issue/U4-7457
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/02/17/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2016/02/18/8
mailing-listx_refsource_MLIST

EPSS Score

83% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.