CVE-2021-27581
📊 9.8 CRITICAL⚡ 0.4%🎯 0 exploits
📅 Published Mar 5, 2021
📋 Status: Modified
The Blog module in Kentico CMS 5.5 R2 build 5.5.3996 allows SQL injection via the tagname parameter.
CVSS v3.1 • NVD
🎯 Affected Products & Systems
1 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | kentico | kentico cms Edition: build_5.5.3996 | 5.5 | Vulnerable | cpe:2.3:a:kentico:kentico_cms:5.5:r2:build_5.5.3996:*:*:*:*:* |
📱
VulnerableApplication
Version: 5.5
Edition: build_5.5.3996
CPE:
cpe:2.3:a:kentico:kentico_cms:5.5:r2:build_5.5.3996:*:*:*:*:*
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
HIGH
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
ModifiedCVSS Details
9.8 (CRITICAL)v3.1
Source: [email protected]
EPSS Details
0.4% (Minimal)61.0th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Mar 5, 2021 (4 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses1
CWE-89
References4
NVDadvisorycode_repository+1