5 matches found
CVE-2021-47776 Umbraco v8.14.1 - 'baseUrl' SSRF
Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests to the GetContextHelpForPage, GetRemoteDashboardContent, and...
CVE-2019-13957
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the IsAuthorized function in ContentPermissionsQueryStringHandler.cs and MediaPermissionsQueryStringHandler.cs. A user with Editor permissions can retrieve or delete content and media of other users by passing...
Umbraco Information Disclosure Vulnerability
Umbraco is an open source content management system (CMS) written in C# by Umbraco, Denmark. An information disclosure vulnerability exists in Umbraco version 14.0.0 and earlier, which stems from the ability to determine the existence of an account based on an analysis of the response code and the...
PT-2024-22688
Name of the Vulnerable Software and Affected Versions: Umbraco versions 13.0.0 through 13.1.0. Description: The issue concerns the availability of failing webhooks logs when the solution is not in debug mode, potentially containing critical information. Recommendations: For Umbraco versions 13.0.0...