10 matches found
EUVD-2024-1056
Malicious code in bioql PyPI...
CVE-2024-32872
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection due to a particular API endpoint modification by authenticated backoffice users, which allows the inclusion and execution of arbitrary SQL commands without proper sanitization or validation. An attacker can manipulate...
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Impact: Backoffice users can execute arbitrary SQL. Explanation of the vulnerability: A Backoffice user can modify requests to a particular API endpoint to include SQL which will be executed by the server. Affected versions: All versions. Patches: Workflow 10.3.9, 12.2.6, 13.0.6, Plumber 10.1.2...
CVE-2024-32872
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872
Umbraco Workflow (and Plumber) are affected by an SQL injection vulnerability where a Backoffice user can modify requests to a specific API endpoint to inject SQL that is executed on the server. Affected versions prior to fixed releases include Umbraco Workflow 10.3.9, 12.2.6, and 13.0.6, and Plu...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
CVE-2024-32872 Umbraco Workflow's Backoffice users can execute arbitrary SQL
Umbraco Workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6,...
PT-2024-24928 · Umbraco · Umbraco Workflow
Name of the Vulnerable Software and Affected Versions: Umbraco Workflow versions prior to 10.3.9; Umbraco Workflow versions prior to 12.2.6; Umbraco Workflow versions prior to 13.0.6. Description: The issue allows an Umbraco Backoffice user to modify requests to a particular API endpoint to include...