Vulnerabilities > Umbraco > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-37267 Unspecified vulnerability in Umbraco CMS
Umbraco is a ASP.NET CMS.
network
low complexity
umbraco
critical
9.8
2023-02-24 CVE-2021-33224 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco Forms 8.7.0
File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.
network
low complexity
umbraco CWE-434
critical
9.8
2021-08-25 CVE-2021-37334 Unspecified vulnerability in Umbraco Forms
Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion.
network
low complexity
umbraco
critical
9.8
2019-10-02 CVE-2019-13957 SQL Injection vulnerability in Umbraco 7.3.8
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
network
low complexity
umbraco CWE-89
critical
9.8
2018-08-27 CVE-2014-10074 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
network
low complexity
umbraco CWE-434
critical
9.8
2017-04-13 CVE-2012-1301 Improper Input Validation vulnerability in Umbraco CMS 4.7.0
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
network
low complexity
umbraco CWE-20
critical
9.8