High severity · NVD Advisory · Published Mar 28, 2022 · Updated Apr 23, 2025
Deserialization of untrusted data in C1 CMS.
CVE-2022-24789
Description
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively deleting them), leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform these actions by visiting a specially crafted site. The issue is patched in C1 CMS v6.12; no known workarounds exist.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| C1CMS.Assemblies (NuGet) | < 6.12.8122.18346 | 6.12.8122.18346 |
Affected products
- Range: < 6.12
References
- github.com/advisories/GHSA-8pp6-8x4q-c5mx (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-24789 (NVD entry)
- github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.12 (patched release)
- github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-j9c2-gr6m-pp45 (vendor advisory)