CVE-2018-5282
📊 7.8 HIGH⚡ 1.3%🎯 1 exploits
📅 Published Jan 8, 2018
📋 Status: Modified
Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework
CVSS v3.0 • NVD
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | kentico | kentico cms | ≥ 9.0 ∧ ≤ 11.0 | Vulnerable | cpe:2.3:a:kentico:kentico_cms:*:*:*:*:*:*:*:* |
📱
VulnerableApplication
Version: ≥ 9.0 ∧ ≤ 11.0
CPE:
cpe:2.3:a:kentico:kentico_cms:*:*:*:*:*:*:*:*
Metrics
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
LOCAL
Complexity:
LOW
Privileges:
LOW
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
7.8 (HIGH)v3.0
Source: [email protected]
EPSS Details
1.3% (Minimal)78.9th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Jan 8, 2018 (7 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses1
CWE-787
Available exploits (1)
References1
NVD