
CVE-2015-8813: Umbraco CMS vulnerable to CSRF

CVSS Score (v3.0): 8.2

Basic Information

EPSS Score: 0.99215%
Published: 5/17/2022
Updated: 8/12/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version
Umbraco.CMS  | nuget     | < 7.4.0             | 7.4.0

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from the Page_Load function in FeedProxy.aspx.cs, which handled the 'url' parameter. The pre-patch code validated the host via an XML allowlist but did not restrict the port. The commit 924a016 added a 'requestUri.Port == 80' check to mitigate this. The absence of port validation in the original implementation allowed SSRF via non-80 ports, as confirmed by the CVE description and exploit examples targeting ports 25/8080.
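The following is an added example written for this page, not code from Umbraco or from the commit referenced above. It shows, in a standalone C# class, the shape of the check the analysis describes: a pre-patch variant that only validates the host against an allowlist, and a post-patch variant that additionally requires `requestUri.Port == 80`. The allowlisted host names and the sample URLs are constructed for the example; the real code reads its allowlist from XML, which is not reproduced here.

```csharp
using System;
using System.Collections.Generic;

// Added example: illustrates the pre-patch and post-patch URL checks
// described in the root cause analysis. Not Umbraco's own code.
public static class FeedUrlPolicy
{
    // Stand-in for the XML host allowlist; these hosts are constructed for the example.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "feeds.example.com",
            "blog.example.org"
        };

    // Pre-patch shape: the host must be allowlisted, but the port is never inspected,
    // so an allowlisted host on any port passes.
    public static bool IsAllowedPrePatch(string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri requestUri))
            return false;
        return AllowedHosts.Contains(requestUri.Host);
    }

    // Post-patch shape: same host check plus the port restriction added in commit 924a016.
    // Uri.Port reports the scheme default (80 for http) when no explicit port is given.
    public static bool IsAllowedPostPatch(string url)
    {
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri requestUri))
            return false;
        return AllowedHosts.Contains(requestUri.Host) && requestUri.Port == 80;
    }

    public static void Main()
    {
        // Constructed sample inputs: the last two use the non-80 ports named in the analysis.
        string[] samples =
        {
            "http://feeds.example.com/rss",
            "http://internal.example.net/",
            "http://feeds.example.com:8080/rss",
            "http://feeds.example.com:25/"
        };

        foreach (string s in samples)
        {
            Console.WriteLine(
                $"{s,-38} pre-patch: {IsAllowedPrePatch(s),-5} post-patch: {IsAllowedPostPatch(s)}");
        }
    }
}
```

Running `Main` shows the first URL accepted by both variants, the second rejected by both (host not allowlisted), and the two explicit-port URLs accepted only by the pre-patch check. One caveat for anyone applying the same pattern: a bare `Port == 80` test also rejects `https://` URLs (default port 443), so a policy that needs to allow HTTPS feeds should pin scheme and port together rather than loosening the port check.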

Vulnerable functions


WAF Protection Rules

WAF Rule

The `Page_Load` function in [Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs](https://github.com/umbraco/Umbraco-CMS/commit/924a016)
