Vulnerabilities > Umbraco > Umbraco > 7.3.8

DATE CVE VULNERABILITY TITLE RISK
2019-10-02 CVE-2019-13957 SQL Injection vulnerability in Umbraco 7.3.8
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
network
low complexity
umbraco CWE-89
7.5
7.5
2017-03-03 CVE-2015-8814 Cross-Site Request Forgery (CSRF) vulnerability in Umbraco 7.3.8
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
network
umbraco CWE-352
6.8
6.8