CVE-2019-18211

Published December 23rd, 2019

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.

Orckestra/C1-CMS-Foundation

C1 CMS Foundation - .NET based, open source and a bundle of joy!

GitHub

261