10 matches found
CVE-2019-12102
Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabsmedia.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions...
EUVD-2018-18589
Malware in sbrugna...
EUVD-2019-9113
Malware in sbrugna...
EUVD-2018-18588
Malware in sbrugna...
EUVD-2022-53557
Malicious code in bioql PyPI...
CVE-2022-32387
In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler...
CVE-2022-32387
In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler...
Kentico SQL Injection Vulnerability (CNVD-2021-22156)
Kentico is an all-in-one ASP.NET CMS that fully integrates Web content management, e-commerce, online marketing and intranet into one platform. A SQL injection vulnerability exists in the Blog module in Kentico 5.5 R2 build 5.5.3996. The vulnerability can be exploited by an attacker via the tagna...
CVE-2019-10068
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to...
PT-2018-6559
Name of the Vulnerable Software and Affected Versions: Kentico versions 9.0 through 9.0.50; Kentico versions 10.0 through 10.0.47. Description: The issue allows remote attackers to obtain Global Administrator access. This can be achieved by visiting the "CMSInstall/install.aspx" endpoint and then...