Vulnerabilities > Kentico > Kentico CMS > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2021-03-05 | CVE-2021-27581 | SQL Injection vulnerability in Kentico CMS 5.5 | critical 9.8 (network, low complexity; kentico, CWE-89)
    The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.

2018-03-23 | CVE-2017-17736 | Forced Browsing vulnerability in Kentico CMS | critical 9.8 (network, low complexity; kentico, CWE-425)
    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.