Umbraco » Umbraco Cms : Security Vulnerabilities, CVEs, (Gain Privilege)
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.
Max CVSS
9.8
EPSS Score
0.07%
Published
2023-07-13
Updated
2023-07-25
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request.
Max CVSS
7.5
EPSS Score
0.60%
Published
2014-12-27
Updated
2014-12-30
2 vulnerabilities found