CVE-2021-27581
CRITICALCVSS 9.8/10EPSS 1.63%
Last modified
CVE-2021-27581 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Kentico | Kentico Cms | 5.5 | R2 |
References
- https://gist.github.com/stasinopoulos/673ae3c31d703b4d67449f4d8888c686Third Party Advisory
- https://kontent.aiProduct, Vendor Advisory
- https://www.obrela.com/kentico-cms-critical-vulnerability/Third Party Advisory
- https://gist.github.com/stasinopoulos/673ae3c31d703b4d67449f4d8888c686Third Party Advisory
- https://kontent.aiProduct, Vendor Advisory
- https://www.obrela.com/kentico-cms-critical-vulnerability/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-27581?
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
How severe is CVE-2021-27581?
CVE-2021-27581 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.
How do I fix CVE-2021-27581?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-27581?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST