Browse all 3 CVE security advisories affecting Orckestra. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Orckestra provides e-commerce platform solutions enabling businesses to create and manage online storefronts. Historically, their products have been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation and access control flaws. While no major public security incidents have been widely documented, the three CVEs on record highlight persistent security concerns in their software architecture. These vulnerabilities typically allow attackers to execute arbitrary code, manipulate web content, or gain elevated privileges within the system, emphasizing the need for rigorous security testing and patch management for organizations implementing Orckestra's solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-39256 | Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution. — C1-CMS-Foundation, CWE-502 | 9.0 | Critical | 2022-09-27 |
| CVE-2022-24789 | Deserialization of untrusted data in C1 CMS. — C1-CMS-Foundation, CWE-918 | 7.6 | High | 2022-03-28 |
| CVE-2021-34992 | Orckestra C1 CMS code issue vulnerability — C1 CMS, CWE-502 | 8.8 | - | 2021-11-15 |
This page lists every published CVE security advisory associated with Orckestra. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.