Stack-Based Buffer Overflow in Kentico Web Content Management System
CVE-2018-5282

7.8HIGH

Key Information:

Vendor: Kentico
Status: Kentico Cms
Vendor: CVE Published:; 8 January 2018

What is CVE-2018-5282?

Kentico Web Content Management System versions 9.0 to 11.0 are vulnerable to a stack-based buffer overflow due to improper handling of input from the SqlName, SqlPswd, Database, UserName, or Password fields in a SilentInstall XML document. This flaw may allow an attacker to exploit the system, potentially leading to unauthorized access or other malicious actions. However, the vendor has contested the issue, stating that they could not reproduce a buffer overflow or system crash, emphasizing that XML document processing occurs entirely within the managed code of the Microsoft .NET Framework.

References

https://www.vulnerability-lab.com/get_content.php?id=1943

x_refsource_MISC

https://www.exploit-db.com/exploits/43547/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2018
Vulnerability Reserved
Jan 8, 2018