CVE-2017-17736

CRITICAL NUCLEI

Kentico - Installer Privilege Escalation

Title source: nuclei
Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17736. PoCs published by 0xSojalSec. A Nuclei detection template is also available.

AI-analyzed exploit summary: The repository contains only a README.md file with no functional exploit code or technical details. It appears to be a placeholder or stub for a Nuclei template related to CVE-2017-17736.

Description

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.

Exploits (1)

nomisec STUB 2 stars
by 0xSojalSec · poc
https://github.com/0xSojalSec/Nuclei-TemplatesNuclei-Templates-CVE-2017-17736

Classification: Stub 10%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
No auth needed
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Kentico - Installer Privilege Escalation
CRITICAL · VERIFIED · by shiar
Shodan: cpe:"cpe:2.3:a:kentico:kentico_cms" || http.title:"kentico database setup"
FOFA: title="kentico database setup"

Scores

CVSS v3 9.8
EPSS 0.6936
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-425
Status published
Products (1)
kentico/xperience 9.0 - 9.0.51
Published Mar 23, 2018
Tracked Since Feb 18, 2026