Detects the 'Deserialization of Untrusted Data' vulnerability in Kentico CMS, which affects versions 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x.
CVE-2019-10068 Scanner Detail
Kentico CMS is a popular web content management system used by many businesses worldwide. With Kentico, website owners can design, manage and promote their web content with ease. The software provides many features, including content editing, marketing and e-commerce capabilities, and site analytics. Additionally, Kentico is highly scalable, making it an ideal choice for businesses of all sizes.
CVE-2019-10068 is a vulnerability that was discovered in Kentico versions 9.x through 12.0.x. It arises from a failure to validate security headers. This flaw makes it possible for an attacker to craft a request to the staging service that bypasses the initial security checks. After that, specially crafted .NET object input, sent without authentication, can be used to execute remote code on the Kentico server.
Exploitation of this vulnerability puts the entire site at risk. An attacker can execute arbitrary code on the server, which could result in unauthorized access to its data, compromise user privacy, and potentially damage the reputation of the affected business. Additionally, the attack opens up the site to other types of attacks, such as advanced persistent threats, that further endanger the company's digital assets.
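For triaging an asset inventory against the affected ranges given at the top of this page, the following is an added example, not code from the scanner or from Kentico. The function names, status labels and host names are assumptions made for illustration, and the inventory is constructed sample data.

```python
import re

# First fixed hotfix per affected branch, from the ranges stated on this page:
# 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, all 9.x.
FIXED_HOTFIX = {(12, 0): 15, (11, 0): 48, (10, 0): 52}
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)(?:\.(\d+))?")


def classify(version):
    """Return 'affected', 'fixed', 'unknown' or 'not_listed' for a version string."""
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return "unknown"          # unparseable: needs a manual check
    major, minor = int(m.group(1)), int(m.group(2))
    hotfix = int(m.group(3)) if m.group(3) is not None else None
    if major == 9:
        return "affected"         # the page lists every 9.x release
    fixed = FIXED_HOTFIX.get((major, minor))
    if fixed is None:
        return "not_listed"       # branch not covered by the page's ranges
    if hotfix is None:
        return "unknown"          # affected branch, hotfix level not recorded
    return "affected" if hotfix < fixed else "fixed"


def triage(inventory):
    """Return (host, version, status) rows needing action, affected hosts first."""
    order = {"affected": 0, "unknown": 1}
    rows = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    rows = [row for row in rows if row[2] in order]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "cms-a.example": "12.0.14",
    "cms-b.example": "12.0.15",
    "cms-c.example": "9.0",
    "cms-d.example": "11.0",
    "cms-e.example": "13.0.5",
}

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE_INVENTORY):
        print(f"{host}\t{version}\t{status}")
```

Hosts reported as unknown sit on an affected branch without a recorded hotfix level and should be checked by hand.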
Thanks to pro features provided by the Security Foreveryone.com platform, website owners can stay informed about vulnerabilities like CVE-2019-10068 in their digital assets. Security Foreveryone.com provides comprehensive vulnerability detection, management and mitigation solutions that protect businesses from cyber threats. By using this platform, website owners can have peace of mind, knowing that their digital assets and online reputation are secure.