CVE-2015-8813
published 2017-03-03


Severity: High, 8.2 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 11.59% (95.5th percentile)

The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.

Detection & IOCs

url: /Umbraco/feedproxy.aspx?url=http://{{interactsh-url}}
path: /Umbraco/feedproxy.aspx
path: Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs
  • Detect SSRF exploitation attempts by monitoring HTTP GET requests to /Umbraco/feedproxy.aspx with a 'url' query parameter pointing to internal/external hosts.
  • Use an out-of-band (OAST/interactsh) callback to confirm exploitation — a successful SSRF will trigger an outbound HTTP interaction from the server.
  • Flag requests where the 'url' parameter in feedproxy.aspx targets loopback/internal addresses (e.g., 127.0.0.1) to detect internal network probing.
  • Only one HTTP GET request is needed to trigger the vulnerability — low-noise, single-request attack pattern.
  • The vulnerability affects Umbraco versions prior to 7.4.0 only; patched installations are not affected.
  • No authentication is required to exploit this endpoint; the SSRF is reachable by unauthenticated remote attackers.
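
The log-monitoring checks in the list above, as an added example that is not part of the original entry. It assumes web-server access logs in combined log format; the sample lines are constructed, and the names `scan` and `classify_target` are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2017:10:00:01 +0000] "GET /Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Mar/2017:10:00:02 +0000] "GET /umbraco/FeedProxy.aspx?url=http%3A%2F%2F10.0.0.5%2Fadmin HTTP/1.1" 200 90',
    '198.51.100.9 - - [01/Mar/2017:10:01:00 +0000] "GET /Umbraco/feedproxy.aspx?url=http://feeds.example.org/rss HTTP/1.1" 200 4096',
    '198.51.100.9 - - [01/Mar/2017:10:02:00 +0000] "GET /blog/feed?url=http://127.0.0.1/ HTTP/1.1" 200 100',
    '198.51.100.9 - - [01/Mar/2017:10:03:00 +0000] "POST /Umbraco/feedproxy.aspx HTTP/1.1" 200 0',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PROXY_PATH = "/umbraco/feedproxy.aspx"  # compared lower-cased: IIS paths are case-insensitive


def classify_target(host):
    """Return 'internal' for loopback, private or link-local targets, else 'external'."""
    if host.lower() == "localhost":
        return "internal"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "external"  # a hostname; DNS resolution is out of scope for this sketch
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return "external"


def scan(lines):
    """Return (client, requested_url, classification) for each GET to the feed proxy."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m.group(2) != "GET":
            continue
        client, _, target = m.groups()
        parts = urlsplit(target)
        if parts.path.lower() != PROXY_PATH:
            continue
        # parse_qs percent-decodes the value, so encoded targets are caught too.
        for value in parse_qs(parts.query).get("url", []):
            host = urlsplit(value).hostname
            findings.append((client, value, classify_target(host) if host else "unparsed"))
    return findings
```

Hostnames are not resolved here, so a name that resolves to an internal address is reported as `external` and still needs review.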

CVSS provenance

Source      Version  Score  Severity  Vector
nvd         v3.0     8.2    HIGH      CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
nvd         v2.0     4.3    MEDIUM    AV:N/AC:M/Au:N/C:N/I:P/A:N
cvelistv5            8.2    HIGH
vulncheck            8.2    HIGH