Vulnerabilities > Umbraco > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-13 | CVE-2023-37267 | Unspecified vulnerability in Umbraco CMS Umbraco is a ASP.NET CMS. | 9.8 |
2023-02-24 | CVE-2021-33224 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco Forms 8.7.0 File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. | 9.8 |
2021-08-25 | CVE-2021-37334 | Unspecified vulnerability in Umbraco Forms Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. | 9.8 |
2019-10-02 | CVE-2019-13957 | SQL Injection vulnerability in Umbraco 7.3.8 In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter. | 9.8 |
2018-08-27 | CVE-2014-10074 | Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files. | 9.8 |
2017-04-13 | CVE-2012-1301 | Improper Input Validation vulnerability in Umbraco CMS 4.7.0 The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | 9.8 |