CVE-2022-39256

Опубликовано: 27 сент. 2022

Источник: nvd

CVSS3: 9

CVSS3: 8

EPSS Низкий

Описание

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.

Ссылки

https://github.com/Orckestra/C1-CMS-Foundation/pull/814
Patch
Third Party Advisory
https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13
Release Notes
Third Party Advisory
https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j
Third Party Advisory
https://github.com/Orckestra/C1-CMS-Foundation/pull/814
Patch
Third Party Advisory
https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13
Release Notes
Third Party Advisory
https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:orckestra:c1_cms:*:*:*:*:*:*:*:*

Версия до 6.13 (исключая)

EPSS

Процентиль: 84%

0.02068

Низкий

9 Critical

CVSS3

8 High

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-gfhp-jgp6-838j

CVSS3: 9

github

больше 3 лет назад

Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.

EPSS

Процентиль: 84%

0.02068

Низкий

9 Critical

CVSS3

8 High

CVSS3

Дефекты

CWE-502