Vulnerabilities > CVE-2018-5282 - Out-of-bounds Write vulnerability in Kentico CMS
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
description | Kentico CMS 11.0 - Buffer Overflow. CVE-2018-5282. Dos exploit for Windows platform |
file | exploits/windows/dos/43547.txt |
id | EDB-ID:43547 |
last seen | 2018-01-24 |
modified | 2018-01-12 |
platform | windows |
port | |
published | 2018-01-12 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/43547/ |
title | Kentico CMS 11.0 - Buffer Overflow |
type | dos |
Packetstorm
data source | https://packetstormsecurity.com/files/download/145868/VL-1943.txt |
id | PACKETSTORM:145868 |
last seen | 2018-01-13 |
published | 2018-01-12 |
reporter | Benjamin Kunz Mejri |
source | https://packetstormsecurity.com/files/145868/Kentico-CMS-11.0-Stack-Buffer-Overflow.html |
title | Kentico CMS 11.0 Stack Buffer Overflow |