Umbraco is a free and open source .NET content management system. Authenticated users to the Umbraco backoffice are able to craft management API request that exploit a path traversal vulnerability to upload files into a incorrect location. The issue affects Umbraco 14+ and is patched in 14.3.4 and 15.3.1.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HUmbraco Cms
APPUmbraco14.0.0 – 14.3.4 (bez)15.0.0 – 15.3.1 (bez)
Powiązane podatności
Umbraco CMS — arbitrary file upload umożliwiający RCE przez plik PDF
Umbraco CMS – nieuwierzytelniony RCE przez upload pliku ASPX
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettin...
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "...
Umbraco is an ASP.NET CMS. From 15.3.1 to before 16.5.1 and 17.2.2, A privilege escalation vulnerability has b...