CNNVD-202506-3108 Information
CNNVD ID
CNNVD-202506-3108
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Umbraco是丹麦Umbraco公司的一套C#编写的开源的内容管理系统(CMS)。 Umbraco 10.0.0至10.8.10版本和13.0.0至13.9.1版本存在安全漏洞,该漏洞源于通过匿名认证端点可检索配置的密码要求信息,可能有助于暴力破解。
Description (English)
Umbraco is an open-source content management system (CMS) developed by the Danish company Umbraco. There is a security loophole in the Umbraco 10.0.0 to 10.8.10 and 13.0.0 to 13.9.1, which stems from the fact that configured password-required information can be retrieved through the anonymous authentication endpoint, which may facilitate violent cracking.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Umbraco
Published
2025-06-24
Last Modified
2026-02-24
References
https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-pgvc-6h2p-q4f6 https://github.com/umbraco/Umbraco-CMS/commit/b4144564c836ec6929111ce2a12eb1f67b42d61e https://github.com/umbraco/Umbraco-CMS/commit/d8f68d2c40f8e158bd81d469f25ef3a4e1d86c4c https://access.redhat.com/security/cve/cve-2025-49147
Patch
https://github.com/umbraco/Umbraco-CMS/releases
Share on: