CVE-2022-39256
9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Orckestra | C1-CMS-Foundation | < 6.13 | affected |
Weaknesses
- CWE-502: CWE-502: Deserialization of Untrusted Data
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j
- https://github.com/Orckestra/C1-CMS-Foundation/pull/814
- https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j
- https://github.com/Orckestra/C1-CMS-Foundation/pull/814
- https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.