CVE-2019-11080

Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt