VYPR
Unrated severityNVD Advisory· Published Apr 15, 2022· Updated Aug 3, 2024

CVE-2022-29287

CVE-2022-29287

Description

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Kentico/CMSdescription
  • Ilch/CMSllm-fuzzy
    Range: <13.0.66

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.