CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-25229

HIGH
8.8
CVSS Severity Score
EPSS Score0.1880%
EPSS Percentile44.08th
Published2025年12月18日
Last Modified2025年12月24日

Vulnerability Description

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling unauthorized file uploads.

Affected Platforms (CPE)

📦
Kentico

Xperience

<= 12.0.29

References & Advisories

🔗 https://devnet.kentico.com/download/hotfixes
🔗 https://www.vulncheck.com/advisories/kentico-xperience-mvc-forms-unrestricted-file-upload

相关漏洞威胁

CVE-2025-27499.1

Kentico Xperience contains a path traversal vulnerability that could allow an authenticated user's Staging Sync Server to upload a...

CVE-2021-477118.8

A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketi...

CVE-2021-477127.5

A cryptography vulnerability in Kentico Xperience allows attackers to potentially manipulate URL hash values through existing hash...

CVE-2020-368907.2

An access control bypass vulnerability in Kentico Xperience allows administrators to modify global administrator user privileges v...