CVE-2021-47776

MEDIUM5.3EPSS 0.02%

Umbraco CMS contains a server-side request forgery vulnerability

發布日:2026/1/15修改日:2026/2/3

描述

Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and GetRemoteDashboardCss endpoints to trigger unauthorized server-side requests to external hosts.

受影響套件(1)

NuGet/UmbracoCms

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-47776
PATCHhttps://github.com/umbraco/Umbraco-CMS
WEBhttps://our.umbraco.com
WEBhttps://releases.umbraco.com/all-releases
WEBhttps://www.exploit-db.com/exploits/50462