Vulnerabilities > CVE-2018-5282 - Out-of-bounds Write vulnerability in Kentico CMS
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Kentico CMS 11.0 - Buffer Overflow. CVE-2018-5282. Dos exploit for Windows platform |
| file | exploits/windows/dos/43547.txt |
| id | EDB-ID:43547 |
| last seen | 2018-01-24 |
| modified | 2018-01-12 |
| platform | windows |
| port | |
| published | 2018-01-12 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43547/ |
| title | Kentico CMS 11.0 - Buffer Overflow |
| type | dos |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/145868/VL-1943.txt |
| id | PACKETSTORM:145868 |
| last seen | 2018-01-13 |
| published | 2018-01-12 |
| reporter | Benjamin Kunz Mejri |
| source | https://packetstormsecurity.com/files/145868/Kentico-CMS-11.0-Stack-Buffer-Overflow.html |
| title | Kentico CMS 11.0 Stack Buffer Overflow |