CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-47711

HIGH
8.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile0.60th
Published2025年12月18日
Last Modified2025年12月24日

Vulnerability Description

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses.

Affected Platforms (CPE)

📦
Kentico

Xperience

<= 13.0.52

References & Advisories

🔗 https://devnet.kentico.com/download/hotfixes
🔗 https://www.vulncheck.com/advisories/kentico-xperience-online-marketing-macros-sql-injection

関連する脆弱性情報

CVE-2025-27499.1

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload a...

CVE-2019-252298.8

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload a...

CVE-2021-477127.5

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash...

CVE-2020-368907.2

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges v...