2 matches found
Arbitrary File Upload
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Arbitrary File Upload due to the TryZipProviderSafe process. An attacker can create files with unauthorized extensions by exploiting...
CVE-2025-32370
Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not...