CVE-2017-15280

Name of the Vulnerable Software and Affected Versions Umbraco CMS versions prior to 7.7.3

Description The issue allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts, also known as Server-Side Request Forgery (SSRF). This is related to the file Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

Recommendations For Umbraco CMS versions prior to 7.7.3, update to version 7.7.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the importDocumenttype.aspx.cs file to minimize the risk of exploitation.