Two days ago, we looked at one method web spammers are using to post spam files on to websites, abusing the Webform module for Drupal. Another aspect of this involves a less popular content management system, Kentico CMS. Like the abuse of that Drupal module, this isn’t a new issue. Lorenzo Franceschi-Bicchierai covered this situation in June of last year at TechCrunch.
What is going on there, though, isn’t as clear. The TechCrunch article had this response from the developer of Kentico CMS:
“We are aware of this particular risk that could have happened with Kentico 12 or older versions. This was identified years ago as a result of a misconfiguration, and we already addressed it at the time and changed our documentation,”
It’s unclear what addressing it means and if this was an end-user misconfiguration or a developer misconfiguration.
The security fixes listed version 12 of Kentico CMS on the software’s Hotfixes page, including two fixes for vulnerabilities that allowed uploading files that shouldn’t have been allowed. We found another claim of a similar issue that was supposed to have been addressed in version 11.0.45 of the software, though we couldn’t find a mention on the Hotfixes page of a security fix in that version.
So this is possibly caused by a vulnerability in an old version of Kentico CMS or possibly abuse of intended upload functionality that was addressed in new versions of the software.
For those running Kentico CMS or other web software that have websites that appear to be hacked, we can help you to get that properly cleaned up.