Orckestra C1-Cms-Foundation vulnerabilities
2 known vulnerabilities affecting orckestra/c1-cms-foundation.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2022-39256P3HIGHCVSS 8.0fixed in 6.132022-09-27
CVE-2022-39256 [HIGH] CWE-502 CVE-2022-39256: Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to
Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted s
nvd
CVE-2022-24789P3HIGHCVSS 7.6fixed in 6.122022-03-28
CVE-2022-24789 [HIGH] CWE-918 CVE-2022-24789: C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow a
C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delet
nvd