Description

Kentico CMS is an ASP.NET web content management system.

The Kentico installation wizard is found in the web application. An attacker can install a new site and get Global Administrator access.

Remediation

Restrict access to the installation wizard

References

CVE-2017–17736

Related Vulnerabilities

WordPress Plugin WP Import Export Lite Security Bypass (3.9.4)

WordPress Plugin PDF Embedder Security Bypass (4.4)

WordPress Plugin Related Posts Lite Security Bypass (1.1)

WordPress Plugin Controlled Admin Access Security Bypass (1.4.0)

WordPress Plugin YITH Color and Label Variations for WooCommerce Security Bypass (1.8.11)

Severity

High

Classification

CVE-2017-17736 CWE-425 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Authentication Bypass