CVE-2018-5282

Name of the Vulnerable Software and Affected Versions Kentico versions 9.0 through 11.0

Description The issue is related to a stack-based buffer overflow that can occur via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. However, the vendor disputes this issue, stating that neither a buffer overflow nor a crash can be reproduced, and that reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.

Recommendations For Kentico versions 9.0 through 11.0, consider restricting access to the SilentInstall XML document to minimize the risk of exploitation, as a temporary workaround, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.