CSRF Vulnerability in Umbraco CMS Affects User Account Security
CVE-2015-8814

8.8HIGH

Key Information:

Vendor

Umbraco

Status
Umbraco
Vendor
CVE Published:
3 March 2017

What is CVE-2015-8814?

Umbraco CMS versions prior to 7.4.0 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, allowing remote attackers to bypass anti-forgery security measures. This flaw can enable unauthorized individuals to manipulate user accounts by modifying sensitive information through the templates.asmx.cs file. It represents a significant risk, as attackers can leverage this vulnerability to perform actions on behalf of legitimate users without their consent.

References

http://issues.umbraco.org/issue/U4-7459
x_refsource_CONFIRM
https://github.com/umbraco/Umbraco-CMS/commit/18c3345e476...
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/02/16/10
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.