CVE-2015-8813

Name of the Vulnerable Software and Affected Versions Umbraco versions prior to 7.4.0

Description The issue allows remote attackers to conduct server-side request forgery (SSRF) attacks. This is achieved via the url parameter in the Page Load function. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For versions prior to 7.4.0, update to version 7.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the FeedProxy.aspx.cs file or disabling the Page Load function until a patch is available. Avoid using the url parameter in the affected API endpoint until the issue is resolved.