Trustwave Uncovers Vulnerability in Popular Website CMS
Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows for low privileged users to elevate themselves to the status of admin and reap associated benefits and control.
According to researchers, the bug exists in an API endpoint that fails to properly authorize users prior to returning results found during the search to the application’s logging section. Trustwave, the organization that discovered the flaw, states that the vulnerability could lead to privilege escalation, data breaches, or other harmful occurrences.