Orckestra
Products
3- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-34992 | 0.02 | — | 0.04 | Nov 15, 2021 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation… | |||
| CVE-2022-39268 | 0.00 | — | 0.00 | Sep 30, 2022 | ### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or… | |||
| CVE-2022-39256 | 0.00 | — | 0.01 | Sep 27, 2022 | Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated… | |||
| CVE-2022-31503 | 0.00 | — | 0.01 | Jul 11, 2022 | The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||
| CVE-2022-24789 | 0.00 | — | 0.01 | Mar 28, 2022 | C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The… | |||
| CVE-2019-18211 | 0.00 | — | 0.03 | Dec 23, 2019 | An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user. |
- CVE-2021-34992Nov 15, 2021risk 0.02cvss —epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll. The issue results from the lack of proper validation…
- CVE-2022-39268Sep 30, 2022risk 0.00cvss —epss 0.00
### Impact In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or…
- CVE-2022-39256Sep 27, 2022risk 0.00cvss —epss 0.01
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated…
- CVE-2022-31503Jul 11, 2022risk 0.00cvss —epss 0.01
The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.
- CVE-2022-24789Mar 28, 2022risk 0.00cvss —epss 0.01
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The…
- CVE-2019-18211Dec 23, 2019risk 0.00cvss —epss 0.03
An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.