CVE-2015-8814

描述

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the `templates.asmx.cs` file.

受影響套件(1)

• NuGet/Umbraco.CMSfrom 0, < 7.4.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-8814
• WEBhttps://github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb
• WEBhttps://web.archive.org/web/20230608152113/https://issues.umbraco.org/issue/U4-7459
• WEBhttp://www.openwall.com/lists/oss-security/2016/02/16/10