Description

Kentico CMS is an ASP.NET web content management system.

The Kentico installation wizard is found in the web application. An attacker can install a new site and get Global Administrator access.

Remediation

Restrict access to the installation wizard

References

CVE-2017–17736

Related Vulnerabilities

WordPress Plugin DW Question & Answer Security Bypass (1.2.9)

WordPress Plugin WPMktgEngine Security Bypass (3.7.6)

WordPress Plugin Stripe For WooCommerce Security Bypass (3.3.9)

WordPress Plugin Advanced Forms for ACF Security Bypass (1.6.8)

Drupal Core 9.2.x Multiple Security Bypass Vulnerabilities (9.2.0 - 9.2.5)

Severity

High

Classification

CVE-2017-17736 CWE-425 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Authentication Bypass