Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.
References
Configurations
No configuration.
History
24 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-24 15:15
Updated : 2024-04-24 17:16
NVD link : CVE-2024-32872
Mitre link : CVE-2024-32872
CVE.ORG link : CVE-2024-32872
JSON object : View
Products Affected
No product.
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')