CVE-2022-24789

Deserialization of untrusted data in C1 CMS.

CVSS 7.6 HIGHEPSS 0.7%CWE-918

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.6EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Mar 2022Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The attacker may also truncate arbitrary files to zero size (effectively delete them) leading to denial of service (DoS) or altering application logic. The authenticated user may unknowingly perform the actions by visiting a specially crafted site. Patched in C1 CMS v6.12, no known workarounds exist.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Affected products

Orckestra · C1-CMS-Foundation

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Orckestra/C1-CMS-Foundation/releases/tag/v6.12 https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-j9c2-gr6m-pp45