KiteCMS
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-31707 | Cri | 0.64 | 9.8 | 0.01 | Apr 4, 2023 | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. | ||
| CVE-2020-20671 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2021 | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | ||
| CVE-2020-20672 | Hig | 0.51 | 7.8 | 0.01 | Sep 13, 2021 | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | ||
| CVE-2021-36546 | Hig | 0.49 | 7.5 | 0.01 | Feb 3, 2023 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | ||
| CVE-2021-3267 | Hig | 0.47 | 7.2 | 0.01 | Apr 4, 2023 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | ||
| CVE-2022-28445 | Med | 0.42 | 6.5 | 0.01 | Apr 21, 2022 | KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | ||
| CVE-2021-31731 | Med | 0.42 | 6.5 | 0.01 | Aug 12, 2021 | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | ||
| CVE-2020-20522 | Med | 0.40 | 6.1 | 0.01 | Apr 4, 2023 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | ||
| CVE-2020-20521 | Med | 0.40 | 6.1 | 0.01 | Apr 4, 2023 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. |
- risk 0.64cvss 9.8epss 0.01
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
- risk 0.57cvss 8.8epss 0.01
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
- risk 0.51cvss 7.8epss 0.01
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
- risk 0.49cvss 7.5epss 0.01
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
- risk 0.47cvss 7.2epss 0.01
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
- risk 0.42cvss 6.5epss 0.01
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
- risk 0.42cvss 6.5epss 0.01
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.