Kentico CMS 12.0.14 Remote Command Execution
Posted by deepcore on May 7, 2020 – 7:54 pm
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.
Post a reply
You must be logged in to post a comment.