漏洞描述
Kentico Xperience13 是一款功能强大的内容管理系统(CMS),广泛应用于企业网站和数字体验管理。该系统存在文件读取漏洞(CVE-2025-0011),攻击者可以利用该漏洞绕过权限验证,读取系统中的敏感文件,从而导致信息泄露和潜在的安全风险。
Kentico Xperience13 /cms/admin 文件读取漏洞 (CVE-2025-0011)
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-7823: Kentico CMS 8.2 - Open Redirect
- POC CVE-2017-17736: Kentico - Installer Privilege Escalation
- POC CVE-2019-10068: Kentico CMS Insecure Deserialization Remote Code Execution
- POC CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS
- kentico-13-auth-bypass-wt-2025-0006: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
- kentico-13-auth-bypass-wt-2025-0011: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
- POC CVE-2025-2746: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0011)
- POC CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)
- (CVE-2025-2747)Kentico Xperience认证绕过漏洞
- (CVE-2025-2746)Kentico Xperience认证绕过漏洞
- Kentico 重装漏洞(CVE-2017-17736)
- Kentico-CMS 7.0.75 PublicMessageUserSelector.aspx-信息泄漏
- Kentico CMS up to 9.0.50/10.0.47 CMS Administration Dashboard CMSInstall/install.aspx 访问控制漏洞