Kentico 10 prior to 10.0.50 and 11 prior to 11.0.3 has SQL injection in the administration interface.
kentico kentico cms