Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
OrckestraC1 Cms*

4 matches found

CVE
CVEadded 2019/12/23 11:15 p.m.133 views

CVE-2019-18211

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.

8.8CVSS9.1AI score0.02812EPSS
CVE
CVEadded 2022/03/28 10:15 p.m.103 views

CVE-2022-24789

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also tr...

7.6CVSS7.4AI score0.00213EPSS
CVE
CVEadded 2022/09/27 3:15 p.m.71 views

CVE-2022-39256

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the...

9CVSS8AI score0.01445EPSS
CVE
CVEadded 2021/11/15 4:15 p.m.35 views

CVE-2021-34992

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied dat...

8.8CVSS9AI score0.21136EPSS