3 matches found
Sitecore 8.x Deserialization Remote Code Execution
Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...
Sitecore 8.x - Deserialization Remote Code Execution
Exploit Title: Sitecore v 8.x Deserialization RCE Date: Reported to vendor October 2018, fix released April 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.sitecore.com/ Software Link: Sitecore downloads: https://dev.sitecore.net/Downloads.aspx Version: Sitecore 8.0 Revision 150802...
CVE-2019-11080
Sitecore Experience Platform (XP) prior to 9.1.1 is affected by a deserialization-based remote code execution vulnerability (CVE-2019-11080). An authenticated user with the required permissions can remotely execute OS commands by sending a crafted serialized object. Public sources (including Red ...