CNNVD-202512-3398 Information

CNNVD ID

CNNVD-202512-3398

Related CVE

CVE-2021-47711

• CNNVD Published: 2025-12-18

Description (Chinese)

Kentico Xperience是Kentico公司的一个数字体验平台。 Kentico Xperience存在SQL注入漏洞，该漏洞源于在线营销宏方法参数可能被注入恶意SQL查询，导致SQL注入攻击。

Description (English)

Kentico Xperience is a digital experience platform for Kentico. Kentico Xperience has an injection loophole in SQL, which stems from the fact that the parameters of the online marketing macro method may have been injected into malicious SQL queries, leading to the injection of SQL into the attack.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

Kentico

Published

2025-12-18

Last Modified

2026-02-24

References

https://devnet.kentico.com/download/hotfixes https://www.vulncheck.com/advisories/kentico-xperience-online-marketing-macros-sql-injection

Patch

https://devnet.kentico.com/download/hotfixes