← back
CVE-2018-5282

CVE-2018-5282

EPSS 1.5%
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/43547/unverifiedexploitdbwww.exploit-db.com/exploits/43547unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/43547/https://www.vulnerability-lab.com/get_content.php?id=1943