Vulnerabilities > Kentico > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-18 | CVE-2022-32387 | Unspecified vulnerability in Kentico In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler. | 7.5 |
| 2019-04-10 | CVE-2018-19453 | Unrestricted Upload of File with Dangerous Type vulnerability in Kentico CMS Kentico CMS before 11.0.45 allows unrestricted upload of a file with a dangerous type. | 8.8 |
| 2019-02-08 | CVE-2019-6242 | Insufficiently Protected Credentials vulnerability in Kentico 10.0.42 Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. | 7.2 |
| 2018-03-19 | CVE-2018-6843 | SQL Injection vulnerability in Kentico CMS Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. | 7.2 |
| 2018-02-20 | CVE-2018-7046 | OS Command Injection vulnerability in Kentico CMS Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages -> Edit -> Template -> Edit template properties -> Layout" box. | 7.2 |
| 2018-01-08 | CVE-2018-5282 | Out-of-bounds Write vulnerability in Kentico CMS Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. | 7.8 |