Deserialization of Untrusted Data in the anti CSRF module in Sitecore up to and including 9.1 allows an authenticated malicious user to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sitecore cms |