Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated malicious user to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sitecore cms |
||
sitecore experience platform |