CVE-2015-8813
HIGH8.2EPSS 82.8%Umbraco CMS vulnerable to CSRF
發布日:2022/5/17修改日:2023/11/8
描述
The `Page_Load` function in [Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs](https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce#diff-2899f01df84571577834f97a81637c65e20178ec6129b76c02f99789b23cf72e) in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
受影響套件(1)
- NuGet/Umbraco.CMSfrom 0, < 7.4.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N |
參考連結(7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-8813
- WEBhttps://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
- WEBhttps://web.archive.org/web/20230608160721/https://issues.umbraco.org/issue/U4-7457
- WEBhttp://www.openwall.com/lists/oss-security/2016/02/16/10
- WEBhttp://www.openwall.com/lists/oss-security/2016/02/17/1
- WEBhttp://www.openwall.com/lists/oss-security/2016/02/17/5
- WEBhttp://www.openwall.com/lists/oss-security/2016/02/18/8