Lucene search

K

4 matches found

CVE
CVE
added 2019/12/23 11:15 p.m.133 views

CVE-2019-18211

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.

8.8CVSS9.1AI score0.02812EPSS
CVE
CVE
added 2022/03/28 10:15 p.m.103 views

CVE-2022-24789

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also tr...

7.6CVSS7.4AI score0.00213EPSS
CVE
CVE
added 2022/09/27 3:15 p.m.71 views

CVE-2022-39256

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the...

9CVSS8AI score0.01445EPSS
CVE
CVE
added 2021/11/15 4:15 p.m.35 views

CVE-2021-34992

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation of user-supplied dat...

8.8CVSS9AI score0.21136EPSS