Umbraco: >> Umbraco >> 7.3.8 Security Vulnerabilities
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-10-02
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-03-03