Stack-Based Buffer Overflow in Kentico Web Content Management System
CVE-2018-5282

7.8HIGH

Key Information:

Vendor

Kentico

Status
Kentico Cms
Vendor
CVE Published:
8 January 2018

What is CVE-2018-5282?

Kentico Web Content Management System versions 9.0 to 11.0 are vulnerable to a stack-based buffer overflow due to improper handling of input from the SqlName, SqlPswd, Database, UserName, or Password fields in a SilentInstall XML document. This flaw may allow an attacker to exploit the system, potentially leading to unauthorized access or other malicious actions. However, the vendor has contested the issue, stating that they could not reproduce a buffer overflow or system crash, emphasizing that XML document processing occurs entirely within the managed code of the Microsoft .NET Framework.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.vulnerability-lab.com/get_content.php?id=1943
x_refsource_MISC
https://www.exploit-db.com/exploits/43547/
exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.