AI Score confidence: High
EPSS percentile: 88.0%
Deserialization of untrusted data in the anti-CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
dev.sitecore.net/Downloads.aspx
www.synacktiv.com/blog.html
www.synacktiv.com/ressources/advisories/Sitecore_CSRF_deserialize_RCE.pdf