Kentico CMS Insecure Deserialization RCE Vulnerability CVE-2019-10068 Scanner

Details

Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimated Time (Seconds): 15

Kentico CMS Insecure Deserialization RCE Vulnerability CVE-2019-10068 Scanner Detail

Deserialization of untrusted data in Kentico CMS allows remote attackers to execute arbitrary code.

An issue was discovered in Kentico before 12.0.15. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.

Some Advice for Common Problems

Update your Kentico CMS to version 12.0.15 or later (preferably the latest release) to eliminate this vulnerability; the fix validates the security headers that the staging service previously failed to check before deserializing input.
