Description
Kentico CMS is an ASP.NET web content management system.
The Kentico CMS API performs .NET deserialization of user-supplied data. Arbitrary object deserialization is inherently unsafe and should never be performed on untrusted data.
Remediation
Upgrade to the latest version of Kentico CMS.