An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-23T22:13:58

Updated: 2024-08-05T01:47:14.103Z

Reserved: 2019-10-19T00:00:00

Link: CVE-2019-18211

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-23T23:15:12.177

Modified: 2024-11-21T04:32:50.413

Link: CVE-2019-18211

cve-icon Redhat

No data.