Main
Vulnerability Database
Exploits
ID:6431 - Exploit for Stack-based buffer overflow in Kentico - CVE-2018-5282
ID:6431 - Exploit for Stack-based buffer overflow in Kentico - CVE-2018-5282
Published: June 17, 2021
Vulnerability identifier: #VU10027
Vulnerability risk: Low
CVE-ID: CVE-2018-5282
CWE-ID: CWE-121
Exploitation vector: Local access
Vulnerable software:
Kentico
Kentico
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a stack-based buffer overflow. A local attacker can use SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to a stack-based buffer overflow. A local attacker can use SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document, trigger memory corruption and execute arbitrary code with system privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.