PT-2022-24848 · Orckestra · Orckestra C1 Cms

Markus Wulftange · Published 2022-09-27 · Updated 2022-09-30 · CVE-2022-39256

CVSS v3.1: 9.0 (Critical)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Orckestra C1 CMS versions prior to 6.13

Description: A vulnerability in Orckestra C1 CMS allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The authenticated user may perform the actions unknowingly by visiting a specially crafted site.

Recommendations: For versions prior to 6.13, upgrade to C1 CMS v6.13 or newer to resolve the issue. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation until the upgrade can be applied.

Exploit

Fix

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2022-39256
GHSA-GFHP-JGP6-838J

Affected Products

Orckestra C1 Cms