4 matches found
CVE-2022-30981
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...
CVE-2022-30981
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution...
CVE-2022-30981
The provided Connected documents identify a concrete vulnerability: Gentics CMS prior to 5.43.1 is vulnerable to arbitrary data deserialization (via uploading a malicious ZIP file), which can potentially lead to Java code execution. The root cause is unsafe Java deserialization during ZIP upload....
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting & Unsafe Java Deserializiation product: Gentics CMS vulnerable version: 5.36.29, see section below fixed version: 5.40.27, 5.41.15, 5.42.7,...