Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2012-1301 |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Umbraco CMS (Web applications / CMS) |
Vendor | Umbraco |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU39190
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2012-1301
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
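One way to check web server logs for use of this proxy behaviour, as an added example that is not part of the original bulletin or of Umbraco's code: it scans W3C-style log lines for requests to FeedProxy.aspx and labels the host named in the "url" parameter. The log lines, the /PLACEHOLDER/ directory (the bulletin does not give the script's path) and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed W3C-style log lines; "/PLACEHOLDER/" stands in for the script's
# real directory, which the bulletin does not state.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-04-05 10:01:12 198.51.100.7 GET /PLACEHOLDER/FeedProxy.aspx url=http%3A%2F%2F10.0.0.5%3A8080%2Fadmin 200
2012-04-05 10:01:40 198.51.100.7 GET /PLACEHOLDER/feedproxy.aspx url=http://example.org/rss.xml 200
2012-04-05 10:02:03 203.0.113.9 GET /default.aspx - 200
2012-04-05 10:02:30 203.0.113.9 GET /PLACEHOLDER/FeedProxy.aspx URL=http://127.0.0.1/ 500
2012-04-05 10:03:00 203.0.113.9 GET /PLACEHOLDER/FeedProxy.aspx - 200
"""

def classify_target(target):
    """Label the host of a proxied URL as 'internal', 'external' or 'unparsed'."""
    try:
        host = urlsplit(target).hostname
    except ValueError:  # e.g. unbalanced IPv6 brackets
        host = None
    if not host:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name; it is not resolved here, so 'external' hits still need review.
        return "internal" if host.lower() == "localhost" else "external"
    return "internal" if (ip.is_private or ip.is_loopback or ip.is_link_local) else "external"

def find_proxy_requests(log_text):
    """Return (client_ip, target_url, label) for each FeedProxy.aspx request with a url value."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith("/feedproxy.aspx"):
            continue
        for key, values in parse_qs(row.get("cs-uri-query", "")).items():
            if key.lower() == "url":  # ASP.NET query-string keys are case-insensitive
                hits += [(row["c-ip"], v, classify_target(v)) for v in values]
    return hits
```

Any hit is worth reviewing on an affected installation; targets labelled internal show the server being asked to reach hosts that the requesting client could not reach directly.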
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Umbraco CMS: 4.7.0
External links
http://www.securityfocus.com/archive/1/522218
http://www.securityfocus.com/bid/52912
http://www.trustmatta.com/advisories/MATTA-2012-001.txt
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.