Kentico - Installer Privilege Escalation

Published: 16 Jun 2026 07:13:51 | Reported by: ProjectDiscovery | Type: nuclei | Source: github.com | 53 views

Kentico privilege escalation via CMS installer

Related

Reporter | Title | Published | Family
Circl | CVE-2017-17736 | 22 Apr 2025 02:52 | circl
CNVD | Kentico Information Disclosure Vulnerability | 10 Apr 2018 00:00 | cnvd
CVE | CVE-2017-17736 | 23 Mar 2018 15:00 | cve
Cvelist | CVE-2017-17736 | 23 Mar 2018 15:00 | cvelist
Tenable Nessus | Kentico CMS 9.x < 9.0.51 / 10.x < 10.0.48 Privilege Escalation | 23 Jun 2020 00:00 | nessus
Tenable Nessus | Kentico CMS < 9.0.51 / 10.x < 10.0.48 Access Control Bypass | 3 Apr 2020 00:00 | nessus
NVD | CVE-2017-17736 | 23 Mar 2018 15:29 | nvd
OpenVAS | Kentico CMS 9.x < 9.0.51, 10.x < 10.0.48 Access Control Bypass Vulnerability | 20 Feb 2018 00:00 | openvas
OSV | CVE-2017-17736 | 23 Mar 2018 15:29 | osv
Prion | Code injection | 23 Mar 2018 15:29 | prion

Template
id: CVE-2017-17736

info:
  name: Kentico - Installer Privilege Escalation
  author: shiar
  severity: critical
  description: |
    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
  impact: |
    An attacker can gain administrative privileges on the Kentico CMS system.
  remediation: |
    Upgrade to the latest version of Kentico CMS to fix the privilege escalation vulnerability.
  reference:
    - https://www.exploit-db.com/ghdb/5694
    - https://nvd.nist.gov/vuln/detail/CVE-2017-17736
    - https://blog.hivint.com/advisory-access-control-bypass-in-kentico-cms-cve-2017-17736-49e1e43ae55b
    - https://github.com/0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2017-17736
    cwe-id: CWE-425
    epss-score: 0.6936
    epss-percentile: 0.99271
    cpe: cpe:2.3:a:kentico:kentico_cms:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: kentico
    product: kentico_cms
    shodan-query:
      - cpe:"cpe:2.3:a:kentico:kentico_cms"
      - http.title:"kentico database setup"
    fofa-query: title="kentico database setup"
    google-query: intitle:"kentico database setup"
  tags: cve2017,cve,kentico,cms,install,unauth,edb,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/CMSInstall/install.aspx"

    matchers-condition: or
    matchers:
      - type: word
        words:
          - "Kentico"
          - "Database Setup"
          - "SQLServer"
        condition: and

      - type: word
        words:
          - "Database Setup"
          - "SQLServer"
        condition: and
# digest: 4b0a00483046022100df4a0599bf8ea545e1619fc26c7e37e984dfe85b344b65026ddcbc7e145ff22a0221008ffbb5ff319773878e8d00ef7ecaf3bc0ff4460e1e3a52ee756a2ddd82666141:922c64590222798bb761d5b6d8e72950
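The template's detection logic is two word matchers, each requiring all of its words (`condition: and`), combined with `matchers-condition: or`. The following Python is an added example, not part of nuclei or of the template, that models that evaluation over constructed sample response bodies so the decision table can be read off directly; it assumes plain case-sensitive substring matching, which is this example's simplification rather than a statement about nuclei's internals. It also includes a small lint, `redundant_matchers`, that flags a matcher whose word set is a superset of another `and` matcher's words, since under `or` such a matcher can never change the outcome: here the first matcher (Kentico + Database Setup + SQLServer) is subsumed by the second (Database Setup + SQLServer), so in practice a hit only tells a defender that a page containing "Database Setup" and "SQLServer" answered at /CMSInstall/install.aspx, and the "Kentico" string adds nothing to the verdict.

```python
"""Model the word-matcher evaluation of the nuclei template for CVE-2017-17736.

Added example for illustration; not nuclei's own code and not part of the
template. Matching is case-sensitive substring search (an assumption here).
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class WordMatcher:
    words: List[str]
    condition: str = "or"  # how this matcher combines its own words

    def matches(self, body: str) -> bool:
        hits = [w in body for w in self.words]  # assumed: case-sensitive substring
        return all(hits) if self.condition == "and" else any(hits)


# The two matchers transcribed from the template above.
TEMPLATE_MATCHERS = [
    WordMatcher(["Kentico", "Database Setup", "SQLServer"], "and"),
    WordMatcher(["Database Setup", "SQLServer"], "and"),
]
MATCHERS_CONDITION = "or"  # matchers-condition from the template


def evaluate(body: str,
             matchers: List[WordMatcher] = TEMPLATE_MATCHERS,
             matchers_condition: str = MATCHERS_CONDITION) -> Tuple[bool, List[bool]]:
    """Return (template fired?, per-matcher results) for one response body."""
    results = [m.matches(body) for m in matchers]
    fired = all(results) if matchers_condition == "and" else any(results)
    return fired, results


def redundant_matchers(matchers: List[WordMatcher]) -> List[int]:
    """Indices of 'and' matchers that cannot change an OR-combined verdict.

    Matcher i is redundant if some other 'and' matcher j needs only a subset
    of i's words: whenever i fires, j already fires.
    """
    out = []
    for i, mi in enumerate(matchers):
        if mi.condition != "and":
            continue
        for j, mj in enumerate(matchers):
            if i != j and mj.condition == "and" and set(mj.words) <= set(mi.words):
                out.append(i)
                break
    return out


# Constructed sample bodies (not real captures) covering the interesting cases.
SAMPLES: Dict[str, str] = {
    # installer page still reachable: all three words present
    "exposed_installer": "<title>Kentico Database Setup</title> ... SQLServer ...",
    # a finished Kentico install: product name only, no setup wizard strings
    "branded_login": "<title>Kentico CMS - Sign in</title>",
    # setup wizard strings without the product name: second matcher alone fires
    "unbranded_setup": "<h1>Database Setup</h1><p>Enter the SQLServer name</p>",
    # unrelated page: nothing fires
    "unrelated": "<title>Welcome</title><p>Nothing to see.</p>",
}


def run_all() -> Dict[str, bool]:
    """Verdict of the template for every constructed sample body."""
    return {name: evaluate(body)[0] for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, fired in run_all().items():
        print(f"{name:22s} fired={fired} per-matcher={evaluate(SAMPLES[name])[1]}")
    print("redundant matcher indices:", redundant_matchers(TEMPLATE_MATCHERS))
```

Running it shows the template firing on both the branded and the unbranded setup page and staying quiet on a completed install's login page, and the lint reports index 0 as redundant. For a defender triaging a hit, the per-matcher results say which strings were actually seen; confirming the finding means verifying that the installer page answered without authentication on a version the description lists as affected.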


Scores (current as of 04 Feb 2026 07:00): Vulners AI Score 8.4 (high risk) | CVSS 2: 7.5 | CVSS 3: 9.8 | EPSS: 0.6936 | 53 views