The Cybersecurity and Infrastructure Security Agency (CISA) has included a critical deserialization vulnerability affecting Sitecore CMS and Experience Platform (XP). This vulnerability, tracked as CVE-2019-9874, allows unauthenticated attackers to execute arbitrary code by manipulating HTTP POST parameters, specifically the __CSRFTOKEN field. The vulnerability exploits a weakness in the Sitecore.Security.AntiCSRF module, enabling malicious actors to send […] The post CISA Adds Sitecore CMS Code Execution Vulnerability to Exploited List appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/sitecore-cms-code-execution-vulnerability/
