漏洞描述
9.0.51之前的Kentico9.0和10.0.48之前的10.0易受特权升级攻击。攻击者可以通过访问CMSInstall/install.aspx,然后导航到CMS管理面板来获得全局管理员访问权限
Kentico 重装漏洞(CVE-2017-17736)
PoC代码
暂无相关漏洞推荐
- POCCVE-2015-7823: Kentico CMS 8.2 - Open Redirect
- POCCVE-2017-17736: Kentico - Installer Privilege Escalation
- POCCVE-2019-10068: Kentico CMS Insecure Deserialization Remote Code Execution
- POCCVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS
- POCCVE-2015-7823: Kentico CMS 8.2 - Open Redirect
- POCCVE-2017-17736: Kentico - Installer Privilege Escalation
- POCCVE-2019-10068: Kentico CMS Insecure Deserialization Remote Code Execution
- POCCVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS
- POCkentico-13-auth-bypass-wt-2025-0006: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
- POCkentico-13-auth-bypass-wt-2025-0011: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
- 无POCKentico Xperience13 /cms/admin 文件读取漏洞 (CVE-2025-0011)
- 无POCKentico-CMS 7.0.75 PublicMessageUserSelector.aspx-信息泄漏