9 matches found
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
Kentico CMS Remote Code Execution (CVE-2019-10068)
A remote code execution vulnerability exists in Kentico CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Kentico CMS 12.0.14 Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML inp...
CVE-2019-10068
creationtimestamp| type| source ---|---|--- 2020-05-06 14:27:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/kenticostagingsyncserver.rb 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-12-04 08:03:59+00:00|...
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passe...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
CVE-2019-10068
Kentico CMS is affected by a remote code execution vulnerability (CVE-2019-10068) due to insecure .NET object deserialization during staging service processing. Affected versions include Kentico 12.0.x before 12.0.15, 11.x before 11.0.48, 10.x before 10.0.52, and 9.x. The issue can be triggered v...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...