Vulnerability Description
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | >= 9.0, <= 11.0 |
Related Weaknesses (CWE)
References
- https://www.exploit-db.com/exploits/43547/ExploitThird Party AdvisoryVDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=1943ExploitThird Party Advisory
- https://www.exploit-db.com/exploits/43547/ExploitThird Party AdvisoryVDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=1943ExploitThird Party Advisory
FAQ
What is CVE-2018-5282?
CVE-2018-5282 is a vulnerability with a CVSS score of 7.8 (HIGH). Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because...
How severe is CVE-2018-5282?
CVE-2018-5282 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5282?
Check the references section above for vendor advisories and patch information. Affected products include: Kentico Xperience.