CVE-2024-48927
Published 2024-10-22
Priority: P4 (28) | Severity: medium (CVSS 3.1 base score 4.6)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.43% (34.3rd percentile)
Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backoffice users when they "preview" SVG files in full screen mode. Versions 13.5.2, 10.8.7, and 8.18.15 contain a patch for the issue. As a workaround, server-side file validation is available to strip script tags from a file's content during the file upload process.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco-cms | — | — |
| umbraco | umbraco_cms | >= 10.0 < 10.8.7 | 10.8.7 |
| umbraco | umbraco_cms | >= 13.0 < 13.5.2 | 13.5.2 |
| umbraco | umbraco_cms | >= 8.0 < 8.18.15 | 8.18.15 |
GHSA (2024-10-22): Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
CVE-2024-48927 | Severity: MEDIUM | CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component)
### Impact
There is a potential risk of code execution for Backoffice users when they “preview” SVG files in full screen mode.
### Workarounds
Server-side file validation is available to strip script tags from a file's content during the file upload process.
OSV (2024-10-22): Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice
CVE-2024-48927 | Severity: MEDIUM. The OSV entry carries the same Impact and Workarounds text as the GHSA advisory above.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.