CVE-2017-15280 umbracocms.web

Package

Manager: nuget
Name: umbracocms.web
Vulnerable Version: >=0 <7.7.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00193 (percentile 0.41382)

Details

Umbraco CMS XXE Vulnerability

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to `Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs`.

Metadata

Created: 2022-05-17T00:30:20Z
Modified: 2023-10-23T17:24:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-h2vq-7gf2-qw9v/GHSA-h2vq-7gf2-qw9v.json
CWE IDs: ["CWE-611"]
Alternative ID: GHSA-h2vq-7gf2-qw9v
Finding: F083
Auto approve: 1