Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Vulnerability Description
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Orckestra C1 CMS 代码问题漏洞
Vulnerability Description
Orckestra C1 CMS是一套基于.NET的开源Web内容管理系统(CMS)。 Orckestra C1 CMS 6.13之前版本存在代码问题漏洞。攻击者利用该漏洞可以执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A