CVE-2022-39256

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39256

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39256.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-39256

Aliases

GHSA-gfhp-jgp6-838j

Withdrawn

2024-05-08T06:52:00.715985Z

Published

2022-09-27T15:15:09Z

Modified

2023-11-28T23:17:03.011307Z

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.

References

Affected packages

Git / github.com/orckestra/c1-cms-foundation

Affected ranges

Type: GIT
Repo: https://github.com/orckestra/c1-cms-foundation
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

119ff090b58ab246983618a04f9b0e696b6e6d77

Affected versions

5.*

5.2

Other

untagged-6de0a98504a30583647e

v2.*

v2.0

v2.1

v2.1.1

v3.*

v3.0

v3.1

v3.2

v4.*

v4.0

v4.1

v4.2

v4.2-update.1

v4.3

v5.*

v5.0

v5.0-beta.1

v5.1

v5.3

v5.4

v5.5

v6.*

v6.0

v6.1

v6.10

v6.11

v6.12

v6.2

v6.3

v6.4

v6.5

v6.6

v6.7

v6.8

v6.9