CVE-2018-5282
Last modified
CVE-2018-5282 is a vulnerability of currently unknown severity. Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework. EPSS estimates a 1.55% chance of exploitation in the next 30 days.
Description
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kentico | Xperience | >= 9.0, <= 11.0 |
References
- https://www.exploit-db.com/exploits/43547/Exploit, Third Party Advisory, VDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=1943Exploit, Third Party Advisory
- https://www.exploit-db.com/exploits/43547/Exploit, Third Party Advisory, VDB Entry
- https://www.vulnerability-lab.com/get_content.php?id=1943Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-5282?
How severe is CVE-2018-5282?
How do I fix CVE-2018-5282?
Are you affected by CVE-2018-5282?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST