2022-09-25 20:43:17 +00:00
id : CVE-2017-17736
info :
name : Kentico - Unauthenticated Administration Dashboard
author : shiar
severity : critical
description : |
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
reference :
2022-09-26 07:43:33 +00:00
- https://www.exploit-db.com/ghdb/5694
2022-09-25 20:43:17 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2017-17736
2022-09-26 07:43:33 +00:00
metadata :
verified : true
google-dork : intitle:"kentico database setup"
2022-09-26 08:37:55 +00:00
tags : cve,cve2017,kentico,cms,install,rce,unauth
2022-09-25 20:43:17 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/CMSInstall/install.aspx"
2022-09-26 07:43:33 +00:00
matchers-condition : or
2022-09-25 20:43:17 +00:00
matchers :
- type : word
words :
2022-09-26 01:27:17 +00:00
- "Kentico"
- "Database Setup"
2022-09-26 07:44:59 +00:00
- "SQLServer"
2022-09-26 07:43:33 +00:00
condition : and
- type : word
words :
- "Database Setup"
2022-09-26 07:44:59 +00:00
- "SQLServer"
2022-09-26 01:27:17 +00:00
condition : and
