CVE-2018-5282

HIGH

Kentico Xperience 9.0-11.0 - Stack-based Buffer Overflow via SilentInstall XML Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5282. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary: This exploit demonstrates a local stack buffer overflow vulnerability in Kentico CMS v9.0, v10.0, and v11.0 by leveraging an XML configuration file with oversized Unicode payloads in specific fields (e.g., SqlName, SqlPswd, Database). The vulnerability allows local attackers to overwrite active registers (e.g., ECX, EBP, EIP) during the installation process, potentially leading to privilege escalation or process compromise.

Description

Kentico 9.0 through 11.0 has a stack-based buffer overflow via the SqlName, SqlPswd, Database, UserName, or Password field in a SilentInstall XML document. NOTE: the vendor disputes this issue because neither a buffer overflow nor a crash can be reproduced; also, reading XML documents is implemented exclusively with managed code within the Microsoft .NET Framework.

Exploits (1)

exploitdb WORKING POC
by Vulnerability-Lab · text · dos · windows
https://www.exploit-db.com/exploits/43547

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Kentico CMS v9.0, v10.0, v11.0
Auth required
Prerequisites: Local access to the system · Low-privileged or restricted user account · Ability to modify XML configuration files during Kentico installation
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.vulnerability-lab.com/get_content.php?id=1943
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43547/

Scores

CVSS v3 7.8
EPSS 0.0158
EPSS Percentile 72.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-787
Status published
Products (1)
kentico/xperience 9.0 - 11.0
Published Jan 08, 2018
Tracked Since Feb 18, 2026