CVE-2018-5282 - Out-of-bounds Write vulnerability in Kentico CMS

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
local, low complexity, kentico, CWE-787, exploit available

Summary

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.

Vulnerable Configurations

Part | Description | Count
Application | Kentico | 106

Common Weakness Enumeration (CWE)

Exploit-Db

description: Kentico CMS 11.0 - Buffer Overflow. CVE-2018-5282. Dos exploit for Windows platform
file: exploits/windows/dos/43547.txt
id: EDB-ID:43547
last seen: 2018-01-24
modified: 2018-01-12
platform: windows
port:
published: 2018-01-12
reporter: Exploit-DB
source: https://www.exploit-db.com/download/43547/
title: Kentico CMS 11.0 - Buffer Overflow
type: dos

Packetstorm

data source: https://packetstormsecurity.com/files/download/145868/VL-1943.txt
id: PACKETSTORM:145868
last seen: 2018-01-13
published: 2018-01-12
reporter: Benjamin Kunz Mejri
source: https://packetstormsecurity.com/files/145868/Kentico-CMS-11.0-Stack-Buffer-Overflow.html
title: Kentico CMS 11.0 Stack Buffer Overflow