Unrated severityNVD Advisory· Published Dec 23, 2019· Updated Aug 5, 2024
CVE-2019-18211
CVE-2019-18211
Description
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Orckestra/C1 CMSdescription
Patches
Vulnerability mechanics
References
1- github.com/Orckestra/C1-CMS-Foundation/commits/devmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.