Overview :
The EntityTokenSerializer class in Composite.dll is prone to unvalidated deserialization of wrapped BinaryFormatter payloads, leading to arbitrary remote code execution for any low-privilege user.
Affected Product(s) :
  • Orckestra C1 CMS through 6.6
Vulnerability Details :
CVE ID : CVE-2019-18211
NOTE: This vulnerability has been received by the NVD and has not been analyzed.

Solution :

Installing the latest update fixes the issue.
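
Until the update is installed, request logs can be checked for serialized BinaryFormatter streams of the kind the overview describes. The sketch below is an added example, not code from Orckestra or from the advisory. It assumes the payload travels base64-encoded, possibly inside one further base64 wrapper (the advisory does not describe the actual wrapping), and all sample lines and names are constructed.

```python
import base64
import re

# A BinaryFormatter stream opens with the MS-NRBF SerializedStreamHeader:
# record type 0x00, then four little-endian int32s (RootId, HeaderId,
# MajorVersion = 1, MinorVersion = 0). RootId and HeaderId vary, so skip them.
NRBF_HEADER = re.compile(rb"\x00.{8}\x01\x00\x00\x00\x00\x00\x00\x00", re.DOTALL)

# Base64 runs long enough to carry the 17-byte header (24 characters).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}")

def _decode(run):
    """Decode a run of base64 characters, tolerating a missing or odd tail."""
    if len(run) % 4 == 1:          # one dangling character cannot be decoded
        run = run[:-1]
    return base64.b64decode(run + "=" * (-len(run) % 4))

def find_binaryformatter(text, depth=2):
    """Return base64 runs in text that decode, directly or through up to
    `depth` further base64 layers, to a BinaryFormatter stream header.
    Runs glued to other base64-alphabet characters decode misaligned."""
    hits = []
    for run in B64_RUN.findall(text):
        raw = _decode(run)
        if NRBF_HEADER.match(raw):
            hits.append(run)
        elif depth > 0 and find_binaryformatter(raw.decode("latin-1"), depth - 1):
            hits.append(run)
    return hits

def flag_lines(lines):
    """Indexes of log lines that carry a BinaryFormatter stream."""
    return [i for i, line in enumerate(lines) if find_binaryformatter(line)]

# Constructed sample data: a header plus MessageEnd record (an empty stream,
# no objects), and hypothetical request lines; not taken from C1 CMS traffic.
EMPTY_STREAM = bytes.fromhex("0001000000ffffffff0100000000000000") + b"\x0b"
INNER = base64.b64encode(EMPTY_STREAM).decode()
WRAPPED = base64.b64encode(b"type=Example;data=" + INNER.encode()).decode()
BENIGN = base64.b64encode(b"just an ordinary session cookie value").decode()
SAMPLE_LINES = [
    "POST /example/endpoint session=" + BENIGN,
    "POST /example/endpoint token=" + INNER,
    "POST /example/endpoint token=" + WRAPPED,
]

if __name__ == "__main__":
    print(flag_lines(SAMPLE_LINES))
```

Feeding the function already-parsed parameter values rather than raw log lines avoids the misalignment case noted in the docstring.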