CVE-2015-8813
HIGH EXPLOITED NUCLEIUmbraco < 7.4.0 - Server-Side Request Forgery via FeedProxy URL Parameter
Title source: llmExploitation Summary
CVE-2015-8813 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
Nuclei Templates (1)
Umbraco <7.4.0- Server-Side Request Forgery
HIGHby emadshanab
References (6)
Core 6
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/17/1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/18/8
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/17/5
Patch, Vendor Advisory x_refsource_confirm
https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/16/10
Issue Tracking x_refsource_confirm
http://issues.umbraco.org/issue/U4-7457
Scores
CVSS v3
8.2
EPSS
0.8280
EPSS Percentile
99.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Details
VulnCheck KEV
2024-09-19
CWE
CWE-918
Status
published
Products (2)
nuget/Umbraco.CMS
0 - 7.4.0NuGet
umbraco/umbraco
< 7.3.8
Published
Mar 03, 2017
Tracked Since
Feb 18, 2026