SQL Injection Vulnerability in Umbraco Workflow by Umbraco
CVE-2024-32872
Currently unrated
What is CVE-2024-32872?
Umbraco Workflow, a tool for managing workflows within the Umbraco content management system, contains a SQL injection vulnerability. An attacker with access to the Umbraco Backoffice can modify requests sent to a specific API endpoint so that SQL code is executed on the server, which poses significant risks to data integrity and confidentiality. The issue has been addressed in versions 10.3.9, 12.2.6, and 13.0.6 of Umbraco Workflow, and a patch has been provided for Umbraco Plumber version 10.1.2; applying these updates mitigates the associated risks.