CVE-2019-25229

Name of the Vulnerable Software and Affected Versions Kentico Xperience (affected versions not specified)

Description An unrestricted file upload issue allows authenticated users with 'Read data' permissions to upload arbitrary file types through MVC form file uploader components. Attackers can manipulate file names to upload potentially malicious files to the system, leading to unauthorized file uploads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.