Vulnerability CVE-2022-30981
Published: 2022-07-17   Modified: 2022-07-18

Description:
An issue was discovered in Gentics CMS before 5.43.1. By uploading a malicious ZIP file, an attacker is able to deserialize arbitrary data and hence can potentially achieve Java code execution.

See advisories in our WLB2 database:
Topic
Author
Date
High
Gentics CMS 5.36.29 Cross Site Scripting / Deserialization
Gerhard Hechenbe...
20.06.2022

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilies-in-gentics-cms/
Copyright 2024, cxsecurity.com

 

Back to Top