
Exploit for Kentico CMS Insecure Deserialization Remote Code Execution (CVE-2019-10068)

Description:

Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability.

Nuclei Template

View the template here: CVE-2019-10068.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2019/CVE-2019-10068.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-10068
https://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
https://www.aon.com/cyber-solutions/aon_cyber_labs/unauthenticated-remote-code-execution-in-kentico-cms/
http://packetstormsecurity.com/files/157588/Kentico-CMS-12.0.14-Remote-Command-Execution.html
https://github.com/rapid7/metasploit-framework/pull/13107