An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/Orckestra/C1-CMS-Foundation/commits/dev |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-12-23T22:13:58
Updated: 2024-08-05T01:47:14.103Z
Reserved: 2019-10-19T00:00:00
Link: CVE-2019-18211
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-23T23:15:12.177
Modified: 2024-11-21T04:32:50.413
Link: CVE-2019-18211
Redhat
No data.