CVE-2019-13957

Name of the Vulnerable Software and Affected Versions Umbraco version 7.3.8

Description The issue concerns SQL Injection in the backoffice, specifically in the GetInpectSearch method of PageWApproveApi. This occurs via the nodeName parameter.

Recommendations For Umbraco version 7.3.8, consider restricting access to the GetInpectSearch method of PageWApproveApi to minimize the risk of exploitation. Avoid using the nodeName parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.