Description
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
Vulnerable configurations
Configuration 1: versions up to 6.6 (inclusive)
cpe:2.3:a:orckestra:c1_cms:*:*:*:*:*:*:*:*
EPSS: 0.02812 (Low), percentile: 86%
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-502
Related vulnerabilities
github
more than 3 years ago
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.