Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Kitecms
(Kitesky)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 9 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-04 | CVE-2021-31707 | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. | Kitecms | 9.8 | ||
| 2023-04-04 | CVE-2021-3267 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | Kitecms | 7.2 | ||
| 2023-04-04 | CVE-2020-20521 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. | Kitecms | 6.1 | ||
| 2023-04-04 | CVE-2020-20522 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | Kitecms | 6.1 | ||
| 2021-08-12 | CVE-2021-31731 | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | Kitecms | 6.5 | ||
| 2021-09-13 | CVE-2020-20671 | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | Kitecms | 8.8 | ||
| 2021-09-13 | CVE-2020-20672 | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | Kitecms | 7.8 | ||
| 2022-04-21 | CVE-2022-28445 | KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | Kitecms | 6.5 | ||
| 2023-02-03 | CVE-2021-36546 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | Kitecms | 7.5 |