GHSA-gfhp-jgp6-838j

Source

https://github.com/advisories/GHSA-gfhp-jgp6-838j

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-gfhp-jgp6-838j/GHSA-gfhp-jgp6-838j.json

Aliases

• CVE-2022-39256

Published

2022-09-30T04:54:06Z

Modified

2023-11-08T04:10:16.883378Z

Details

Impact

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site.

Patches

Patched in C1 CMS v6.13

Workarounds

Upgrade to C1 CMS v6.13 or newer is required

Credit

This issue was discovered and reported by Markus Wulftange / Code White GmbH.

References

• https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-gfhp-jgp6-838j
• https://nvd.nist.gov/vuln/detail/CVE-2022-39256
• https://github.com/Orckestra/C1-CMS-Foundation/pull/814
• https://github.com/Orckestra/C1-CMS-Foundation/commit/af856ab5a62d19acf6aea1b1f4c6c3c4985c9446
• https://github.com/Orckestra/C1-CMS-Foundation
• https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.13