Vulnerabilities > Umbraco > Umbraco CMS > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-07-13 CVE-2023-37267 Unspecified vulnerability in Umbraco CMS
Umbraco is a ASP.NET CMS.
network
low complexity
umbraco
critical
9.8
2018-08-27 CVE-2014-10074 Unrestricted Upload of File with Dangerous Type vulnerability in Umbraco CMS
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
network
low complexity
umbraco CWE-434
critical
9.8
2017-04-13 CVE-2012-1301 Improper Input Validation vulnerability in Umbraco CMS 4.7.0
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
network
low complexity
umbraco CWE-20
critical
9.8