Back to search
CVE-2019-9874
Published: May 31, 2019
Modified: Oct 21, 2025
PUBLISHED
Description
Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://dev.sitecore.net/Downloads.aspx
x_refsource_MISC
https://www.synacktiv.com/blog.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now