CSRF Vulnerability in Umbraco CMS Affects User Account Security
CVE-2015-8814

8.8HIGH

Key Information:

Vendor

Umbraco

Status
Vendor
CVE Published:
3 March 2017

What is CVE-2015-8814?

Umbraco CMS versions prior to 7.4.0 are susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, allowing remote attackers to bypass anti-forgery security measures. This flaw can enable unauthorized individuals to manipulate user accounts by modifying sensitive information through the templates.asmx.cs file. It represents a significant risk, as attackers can leverage this vulnerability to perform actions on behalf of legitimate users without their consent.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.