zamous
zamous
/ Kentico CMS - 10.0, 11.0 - Multiple Vulnerabilities
Last active
November 10, 2020 14:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Issue title: Authenticated SQL Injection | |
| Description | |
| Some pages in Kentico's administration interface built SQL queries from | |
| user-controlled input in an unsafe manner. Users need specific permissions to | |
| access these pages. However, potential attackers could trick an authenticated | |
| user with sufficient permissions into clicking a malicious link in order to | |
| achieve arbitrary SQL code execution. | |
| Details |