PT-2017-5081 · Umbraco · Umbraco
Florent Daigniere
·
Publicado
2017-04-13
·
Atualizado
2020-06-11
·
CVE-2012-1301
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Umbraco version 4.7.0
Description:
The issue allows remote attackers to proxy requests on their behalf. This is achieved via the
url parameter in the FeedProxy.aspx script.Recommendations:
For Umbraco version 4.7.0, consider restricting access to the FeedProxy.aspx script to minimize the risk of exploitation. Avoid using the
url parameter in the FeedProxy.aspx script until the issue is resolved.Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Umbraco