PT-2017-5081 · Umbraco · Umbraco
Florent Daigniere
·
Published
2017-04-13
·
Updated
2020-06-11
·
CVE-2012-1301
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Umbraco version 4.7.0
Description:
The issue allows remote attackers to proxy requests on their behalf. This is achieved via the
url parameter in the FeedProxy.aspx script.Recommendations:
For Umbraco version 4.7.0, consider restricting access to the FeedProxy.aspx script to minimize the risk of exploitation. Avoid using the
url parameter in the FeedProxy.aspx script until the issue is resolved.Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Umbraco