Umbraco.Workflow.Issues
Approved changes feed: RSS · Atom
cpe:2.3:a:umbraco:umbraco.workflow.issues:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Umbraco (89be0333-81fe-5eb9-9281-55a77e50e27f) |
|---|---|
| Product | Umbraco.Workflow.Issues (c8ab0984-f3ae-5a5a-a2f7-a24453cb6029) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-32872 |
vulnerable | 2026-06-08 06:37:24.618140 |
Umbraco Workflow's Backoffice users can execute arbitrary SQL
MEDIUM (5.5)
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow versions 10.3.9, 12.2.6, 13.0.6, as well as Umbraco Plumber version 10.1.2, contain a patch for this issue.
Published: 2024-04-24T14:46:28.239Z
Updated: 2024-08-02T02:20:35.662Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.