Full title: Kentico CMS 12.0.14 Remote Command Execution Exploit 
Category: remote exploits
Platform: windows
This Metasploit module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote command execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passed to an insecure .NET deserialize call which allows for remote command execution.

# 0day.today @ http://0day.today/