Количество 2
Количество 2
CVE-2024-32872
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.
GHSA-287f-46j7-j4wh
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-32872 Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue. | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
| GHSA-287f-46j7-j4wh Umbraco Workflow's Backoffice users can execute arbitrary SQL | CVSS3: 5.5 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу