SB2017041315 - Input validation error in Umbraco CMS 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017041315

SB2017041315 - Input validation error in Umbraco CMS

Published: April 13, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017041315
Severity
High
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Input validation error (CVE-ID: CVE-2012-1301)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.


Remediation

Install update from vendor's website.

References