Description

Kentico CMS is an ASP.NET web content management system.

The Kentico installation wizard is found in the web application. An attacker can install a new site and get Global Administrator access.

Remediation

Restrict access to the installation wizard

References

CVE-2017–17736

Related Vulnerabilities

WordPress Plugin Quick Page/Post Redirect Security Bypass (5.1.9)

WordPress Plugin Catch Breadcrumb Security Bypass (1.6)

WordPress Plugin WooCommerce Product Feed Manager Security Bypass (2.2.3)

WordPress Plugin Thrive Apprentice Security Bypass (2.3.9.3)

WordPress Plugin Events Search For The Events Calendar Security Bypass (1.1.3)

Severity

High

Classification

CVE-2017-17736 CWE-425 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Authentication Bypass