cbcvebase.
CVE-2023-37267
published 2023-07-13

CVE-2023-37267: Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was…

PriorityP351critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.60%
44.0th percentile
Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.

Affected

6 ranges
VendorProductVersion rangeFixed in
umbracoumbraco-cms
umbracoumbraco-cms
umbracoumbraco-cms
umbracoumbraco_cms>= 10.0.0 < 10.6.110.6.1
umbracoumbraco_cms>= 11.0.0 < 11.4.211.4.2
umbracoumbraco_cms>= 12.0.0 < 12.0.112.0.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.