VYPR

KiteCMS

by KiteCMS

CVEs (9)

  • CVE-2021-31707CriApr 4, 2023
    risk 0.64cvss 9.8epss 0.01

    Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.

  • CVE-2020-20671HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

  • CVE-2020-20672HigSep 13, 2021
    risk 0.51cvss 7.8epss 0.01

    An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

  • CVE-2021-36546HigFeb 3, 2023
    risk 0.49cvss 7.5epss 0.01

    Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.

  • CVE-2021-3267HigApr 4, 2023
    risk 0.47cvss 7.2epss 0.01

    File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.

  • CVE-2022-28445MedApr 21, 2022
    risk 0.42cvss 6.5epss 0.01

    KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.

  • CVE-2021-31731MedAug 12, 2021
    risk 0.42cvss 6.5epss 0.01

    A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.

  • CVE-2020-20522MedApr 4, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.

  • CVE-2020-20521MedApr 4, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.