Vulnerabilities > Kentico > Kentico CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-10 | CVE-2018-19453 | Unrestricted Upload of File with Dangerous Type vulnerability in Kentico CMS Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 8.8 |
| 2018-03-19 | CVE-2018-6843 | SQL Injection vulnerability in Kentico CMS Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. | 7.2 |
| 2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. | 7.2 |
| 2018-01-08 | CVE-2018-5282 | Out-of-bounds Write vulnerability in Kentico CMS Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. | 7.8 |