VYPR
Vendor: Orckestra

Products: 3
CVEs: 6
Across products: 6
Status: Private

Recent CVEs (6)
  • CVE-2021-34992 (Nov 15, 2021)
    risk 0.02 | cvss | epss 0.04

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation…

  • CVE-2022-39268 (Sep 30, 2022)
    risk 0.00 | cvss | epss 0.00

    Impact: In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or…

  • CVE-2022-39256 (Sep 27, 2022)
    risk 0.00 | cvss | epss 0.01

    Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated…

  • CVE-2022-31503 (Jul 11, 2022)
    risk 0.00 | cvss | epss 0.01

    The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

  • CVE-2022-24789 (Mar 28, 2022)
    risk 0.00 | cvss | epss 0.01

    C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The…

  • CVE-2019-18211 (Dec 23, 2019)
    risk 0.00 | cvss | epss 0.03

    An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.