How severe is CVE-2019-12102?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2019-12102?

This is classified as CWE-732, which is a common weakness in software security.

CVE-2019-12102 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendor disputes the report because the researcher did not configure the media library permissions correctly. The vendor states that by default all users can read/modify/upload files, and it’s up to the administrator to decide who should have access to the media library and set the permissions accordingly. See the vendor documentation in the references for more information

Related Vulnerabilities

CVE-2016-5202

CRITICAL

CVSS:9.1(Critical)

browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an era...

CWE-7322016

CVE-2017-7337

CRITICAL

CVSS:9.1(Critical)

An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen sess...

CWE-7322017

CVE-2018-1000132

CRITICAL

CVSS:9.1(Critical)

Mercurial version 4.5 and earlier contains a Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data access. This attack appear to be exploitable via n...

CWE-7322018

CVE-2018-1002150

CRITICAL

CVSS:9.1(Critical)

Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access control vulnerability resulting in arbitrary filesystem read/write access. This vulnerability has been fixed in versions 1.12.1, 1.13...

CWE-7322018

CVE-2018-14916

CRITICAL

CVSS:9.1(Critical)

LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion.

CWE-7322018

CVE-2018-21081

CRITICAL

CVSS:9.1(Critical)

An issue was discovered on Samsung mobile devices with N(7.x) software. In Dual Messenger, the second app can use the runtime permissions of the first app without a user's consent. The Samsung ID is S...

CWE-7322018