CVE-2022-24789

7.6 HIGH

📋 TL;DR

CVE-2022-24789 is a Server-Side Request Forgery (SSRF) vulnerability in C1 CMS that allows authenticated users to make arbitrary GET requests to internal servers and truncate files to zero size. This can lead to data exfiltration, denial of service, or manipulation of application logic. All C1 CMS installations with authenticated users are affected.

💻 Affected Systems

Products:
  • C1 CMS
Versions: All versions prior to 6.12
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; can be exploited via CSRF if user visits malicious site while authenticated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker exfiltrates sensitive internal network data, deletes critical system files causing complete system outage, and manipulates application behavior to gain further access.

🟠

Likely Case

Authenticated user (including low-privilege accounts) causes denial of service by deleting application files or accesses internal services that shouldn't be exposed.

🟢

If Mitigated

With proper network segmentation and file permission controls, the impact is limited to specific application components rather than the entire system.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated; CSRF vector makes it easier to trick users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.12

Vendor Advisory: https://github.com/Orckestra/C1-CMS-Foundation/security/advisories/GHSA-j9c2-gr6m-pp45

Restart Required: Yes

Instructions:

1. Backup your C1 CMS installation and database.
2. Download C1 CMS v6.12 from the official repository.
3. Replace existing installation files with the patched version.
4. Restart the application and web server.
5. Verify functionality.

🔧 Temporary Workarounds

No official workarounds


Vendor states no known workarounds exist for this vulnerability

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate C1 CMS from internal services
  • Apply strict file permissions and monitor for unauthorized file modifications

🔍 How to Verify

Check if Vulnerable:

Check C1 CMS version in admin panel or web.config file; versions below 6.12 are vulnerable

Check Version:

Check web.config or admin interface for version information

Verify Fix Applied:

Verify version is 6.12 or higher in admin panel and test SSRF protection mechanisms

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from C1 CMS server
  • Unexpected file truncation operations
  • CSRF attempts against authenticated endpoints

Network Indicators:

  • C1 CMS server making requests to internal IP ranges
  • Unexpected traffic to localhost services from web server

SIEM Query:

source="C1-CMS" AND (dest_ip=10.0.0.0/8 OR dest_ip=172.16.0.0/12 OR dest_ip=192.168.0.0/16 OR dest_ip=127.0.0.1) AND http_method="GET"
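The SIEM query above applied over sample log lines, as an added Python example (not from the page or the vendor): it flags GET egress from the CMS host to private or loopback destinations. The key=value log format, the `C1-CMS` source tag and the widening of loopback from 127.0.0.1 to 127.0.0.0/8 are assumptions; the sample lines are constructed.

```python
import ipaddress
import re

# Destination ranges mirrored from the SIEM query; loopback widened to /8 (assumption).
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
CMS_SOURCE = "C1-CMS"  # hypothetical source tag for the C1 CMS web host
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse a key=value log line (quoted values allowed) into a dict."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_internal(dest):
    """True if the destination is a private/loopback IP or the literal 'localhost'."""
    if dest.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # unresolved hostname: cannot classify offline, do not flag
    return any(addr in net for net in INTERNAL_RANGES)


def find_ssrf_candidates(lines):
    """Return parsed records where the CMS host issued a GET to an internal destination."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("source") != CMS_SOURCE or rec.get("http_method") != "GET":
            continue
        if is_internal(rec.get("dest_ip", "")):
            hits.append(rec)
    return hits


# Constructed sample egress log lines (not real traffic).
SAMPLE_LOGS = [
    'ts=2024-01-01T10:00:00Z source="C1-CMS" http_method=GET dest_ip=10.0.0.5 url="http://10.0.0.5/admin"',
    'ts=2024-01-01T10:00:01Z source="C1-CMS" http_method=GET dest_ip=203.0.113.7 url="http://cdn.example.test/a.css"',
    'ts=2024-01-01T10:00:02Z source="C1-CMS" http_method=POST dest_ip=192.168.1.10 url="http://192.168.1.10/api"',
    'ts=2024-01-01T10:00:03Z source="mailer" http_method=GET dest_ip=127.0.0.1 url="http://127.0.0.1:25/"',
    'ts=2024-01-01T10:00:04Z source="C1-CMS" http_method=GET dest_ip=localhost url="http://localhost:8080/metrics"',
    'ts=2024-01-01T10:00:05Z source="C1-CMS" http_method=GET dest_ip=127.0.0.1 url="http://127.0.0.1/health"',
]

if __name__ == "__main__":
    for hit in find_ssrf_candidates(SAMPLE_LOGS):
        print("SSRF candidate:", hit["ts"], hit["dest_ip"], hit["url"])
```

Only the first, fifth and sixth sample lines are flagged; the external CDN fetch, the POST and the non-CMS source are ignored.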

🔗 References
