Server-Side Request Forgery Vulnerability in Umbraco by Umbraco
CVE-2015-8813
8.2HIGH
What is CVE-2015-8813?
The Page_Load function in Umbraco's dashboard components prior to version 7.4.0 is vulnerable to server-side request forgery (SSRF) attacks. By manipulating the 'url' parameter, remote attackers can leverage this vulnerability to send unauthorized requests from the server, potentially leading to sensitive data exposure or further exploitation of internal network services. It's crucial for users and administrators to update to the latest version to mitigate these risks and safeguard their applications from exploitation.
References
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Score:
8.2
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved