VYPR

C1 CMS

by Orckestra

CVEs (2)

  • CVE-2021-34992Nov 15, 2021
    risk 0.02cvss epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation…

  • CVE-2019-18211Dec 23, 2019
    risk 0.00cvss epss 0.03

    An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.