CVE-2018-19453 Upload Malicious File in Kentico CMS
This article gives the details of the CVE-2018-19453 vulnerability.
Affected Vendor: Kentico – https://www.kentico.com
Affected Software: Kentico CMS
Affected Version: Tested on 11.0
Issue type: Unrestricted Upload of File with Dangerous Type
Release Date: 08/01/2019
Discovered by: Harold, Hivint
CVE Identifier: CVE-2018-19453
Issue status: Fixed (Hotfix 11.0.45)
Kentico CMS is vulnerable to an unrestricted file upload attack. An attacker can upload files of dangerous types, which can then be used to perform attacks such as Cross-Site Scripting (XSS) and Cross-Origin Resource Sharing (CORS) attacks.
Steps to reproduce:
Navigate to the Kentico Forum.
Then, click “New thread”.
In the new thread form, fill in the fields, select “Attach file(s)”, and post the form.
Upload the sample file above as an attachment.
Intercept the upload request and change the “Content-Type:” HTTP header from “Content-Type: image/jpeg” to “Content-Type: text/html”.
As an immediate workaround, Kentico has recommended setting the “Attach files” permission to “Nobody” in the Forum’s security settings. The vendor has also released a hotfix (11.0.45).
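The root cause above is that the client-supplied Content-Type header decides how an attachment is handled. The following is an added example, not Kentico's code or the hotfix, of how a forum attachment handler can ignore that header, decide the type from an extension allowlist plus the file's own magic bytes, and serve stored files in a way a browser will not render as HTML; all function names, the allowlist and the sample inputs are assumptions constructed for illustration.

```python
import os

# Allowlist of attachment types: extension -> (leading magic bytes, canonical MIME type).
# Anything not listed here (e.g. .html) is rejected regardless of what the client claims.
ALLOWED_TYPES = {
    ".jpg":  (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    ".png":  (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".pdf":  (b"%PDF-", "application/pdf"),
}


def validate_attachment(filename: str, declared_type: str, data: bytes):
    """Return (True, server_mime_type) or (False, reason).

    declared_type is the Content-Type the client sent for the file part.
    It is only compared for logging purposes; the decision is based solely on
    the extension allowlist and the bytes actually uploaded.
    """
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, f"extension {ext!r} is not in the allowlist"
    magic, canonical = ALLOWED_TYPES[ext]
    if not data.startswith(magic):
        return False, f"content does not match the {ext!r} file signature"
    if declared_type.lower() != canonical:
        # Client claimed one type while the bytes say another: worth logging as a
        # detection signal, but the file is still stored as the type the bytes prove.
        print(f"warning: client declared {declared_type!r}, server determined {canonical!r}")
    return True, canonical


def download_headers(server_type: str, filename: str) -> dict:
    """Response headers for serving a stored attachment: the MIME type is the
    server's own determination, the file is forced to download rather than
    rendered inline, and the browser is told not to sniff a different type."""
    safe_name = os.path.basename(filename)  # strip any path components
    return {
        "Content-Type": server_type,
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample inputs (not real files from the advisory).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
HTML_SAMPLE = b"<html><body>not an image</body></html>"
```

With these checks in place, the advisory's request manipulation has no effect: a JPEG uploaded with a forged text/html Content-Type is still stored and served as image/jpeg, and HTML content under any filename is rejected.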
18/11/2018 – Found the issue.
18/11/2018 – Vendor notified.
27/11/2018 – Patch available for 11.0 (Hotfix 11.0.45)