CVE-2017-17736

CRITICAL NUCLEI

Kentico - Installer Privilege Escalation

Title source: nuclei

Description

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.

Exploits (1)

nomisec STUB 2 stars
by 0xSojalSec · poc
https://github.com/0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736

Nuclei Templates (1)

Kentico - Installer Privilege Escalation
CRITICAL · VERIFIED · by shiar
Shodan: cpe:"cpe:2.3:a:kentico:kentico_cms" || http.title:"kentico database setup"
FOFA: title="kentico database setup"

Scores

CVSS v3 9.8
EPSS 0.9265
EPSS Percentile 99.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-425
Status published
Products (1)
kentico/xperience 9.0 - 9.0.51
Published Mar 23, 2018
Tracked Since Feb 18, 2026