2 matches found
CVE-2022-29287
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...
CVE-2022-29287
CVE-2022-29287 affects Kentico CMS before 13.0.66, where a user with management rights (default Administrator) can export the options of any user, including higher-privileged accounts (e.g., Global Administrators). The exported XML can include every option of the targeted user, including the hash...