Описание
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.
EPSS
Процентиль: 15%
0.0005
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 5.5
github
больше 1 года назад
Umbraco Workflow's Backoffice users can execute arbitrary SQL
EPSS
Процентиль: 15%
0.0005
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-89