CVE-2015-8814: Cross-Site Request Forgery (CSRF)

May 17, 2022 (updated August 3, 2023)

Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.

References

www.openwall.com/lists/oss-security/2016/02/16/10
github.com/advisories/GHSA-5f6p-4hxq-rjxm
github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb
nvd.nist.gov/vuln/detail/CVE-2015-8814
web.archive.org/web/20230608152113/https://issues.umbraco.org/issue/U4-7459

Code Behaviors & Features

Detect and mitigate CVE-2015-8814 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →