CVE-2019-9874
CVE-2019-9874 affects Sitecore CMS 7.0–7.2 and Sitecore XP 7.5–8.2 via the Sitecore.Security.AntiCSRF deserialization module. An unauthenticated attacker can trigger remote code execution by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN**, exploiting untrusted data deser...