Sign In

CVE-2019-12102

πŸ“Š 9.1 CRITICAL⚑ 0.2%🎯 1 exploits
πŸ“… Published May 22, 2019
πŸ“‹ Status: Modified

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:
πŸ“±
kentico / kentico
Application
Vulnerable
Version: β‰₯ 11.0.0 ∧ ≀ 12.0
CPE:
cpe:2.3:a:kentico:kentico:*:*:*:*:*:*:*:*
Metrics
9.1 CRITICALCVSS v3.0[email protected]
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
NONE
Confidentiality:
HIGH
Integrity:
HIGH
Availability:
NONE
Scope:
UNCHANGED

πŸ” Technical Details

Analysis Status
Modified
CVSS Details
9.1 (CRITICAL)v3.0
Source: [email protected]
EPSS Details
0.2% (Minimal)44.8th percentile
Last updated: Oct 31, 2025
Exploitation probability within 30 days
Published Date
May 22, 2019 (6 years ago)
Last Modified
Nov 21, 2024 (11 months ago)
Security Weaknesses1

Available exploits (1)

πŸ” Sign-in Required

Sign in to view exploits and proof-of-concept code.

Sign InCreate Account
References5