Vulnerabilities (CVE)

Filtered by vendor Kitesky Subscribe
Total 9 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-28445 1 Kitesky 1 Kitecms 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CVE-2021-3267 1 Kitesky 1 Kitecms 2024-11-21 N/A 7.2 HIGH
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
CVE-2021-36546 1 Kitesky 1 Kitecms 2024-11-21 N/A 7.5 HIGH
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-31731 1 Kitesky 1 Kitecms 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
CVE-2021-31707 1 Kitesky 1 Kitecms 2024-11-21 N/A 9.8 CRITICAL
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
CVE-2020-20672 1 Kitesky 1 Kitecms 2024-11-21 6.8 MEDIUM 7.8 HIGH
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
CVE-2020-20671 1 Kitesky 1 Kitecms 2024-11-21 6.8 MEDIUM 8.8 HIGH
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
CVE-2020-20522 1 Kitesky 1 Kitecms 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
CVE-2020-20521 1 Kitesky 1 Kitecms 2024-11-21 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.