5 matches found
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2749
creationtimestamp| type| source ---|---|--- 2025-03-24 19:23:08+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/8502 2025-03-24 22:35:06+00:00| seen| https://t.me/cvedetector/20994 2025-03-24 22:39:53+00:00| seen|...
CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...
CVE-2025-2749
CVE-2025-2749 affects Kentico Xperience versions up to and including 13.0.178, where an authenticated Staging Sync Server can upload data to path-relative locations, causing path traversal and arbitrary file uploads that can lead to remote code execution. Root cause is authenticated path traversa...
CVE-2025-2749 Kentico Xperience <= 13.0.178 Staging Media File Upload Authenticated RCE
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code...