Vulnerability Details CVE-2015-8814
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- http://issues.umbraco.org/issue/U4-7459
- http://www.openwall.com/lists/oss-security/2016/02/16/10
- https://github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb
- http://issues.umbraco.org/issue/U4-7459
- http://www.openwall.com/lists/oss-security/2016/02/16/10
- https://github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb