3 matches found
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management due to insufficient authorization enforcement when modifying user group memberships. An attacker can gain higher-level privileges by assigning highly privileged roles without proper validation of their own...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal due to the handling of TemporaryFileOperationStatus in TemporaryFileControllerBase.cs and TemporaryFileService.cs. An attacker can upload files to unintended locations to cause disruption of service to other user...
XML External Entity (XXE) Injection
Overview UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to XML External Entity XXE Injection via importDocumenttype.aspx.cs. Exploiting this vulnerability allows the attacker to obtain sensitive information by reading files on the server or sending TCP request...