CVE-2022-39256

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39256

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39256.json

Aliases

GHSA-gfhp-jgp6-838j

Published

2022-09-27T15:15:09Z

Modified

2023-11-29T09:49:41.378152Z

Details

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.

References

Affected packages

Git / github.com/orckestra/c1-cms-foundation

Affected ranges

Type: GIT
Repo: https://github.com/orckestra/c1-cms-foundation
Events: Introduced

0The exact introduced commit is unknown

Fixed

119ff090b58ab246983618a04f9b0e696b6e6d77

Affected versions

5.*

5.2

Other

untagged-6de0a98504a30583647e

v2.*

v2.0

v2.1

v2.1.1

v3.*

v3.0

v3.1

v3.2

v4.*

v4.0

v4.1

v4.2

v4.2-update.1

v4.3

v5.*

v5.0

v5.0-beta.1

v5.1

v5.3

v5.4

v5.5

v6.*

v6.0

v6.1

v6.10

v6.11

v6.12

v6.2

v6.3

v6.4

v6.5

v6.6

v6.7

v6.8

v6.9