CVE-2018-5282

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemente...

CVE-2018-6843

Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface.