CVEDB API

Vulnerabilities

Vulnerable Software

Kitesky: >> Kitecms >> 1.1 Security Vulnerabilities

CVE-2021-3267

File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.

CVSS Score

7.2

EPSS Score

0.008

Published

2023-04-04

CVE-2020-20522

Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.

CVSS Score

6.1

EPSS Score

0.002

Published

2023-04-04

CVE-2021-36546

Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.

CVSS Score

7.5

EPSS Score

0.001

Published

2023-02-03

CVE-2020-20671

A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.

CVSS Score

8.8

EPSS Score

0.001

Published

2021-09-13

CVE-2020-20672

An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.

CVSS Score

7.8

EPSS Score

0.002

Published

2021-09-13

Page 1

Vulnerabilities

Vulnerable Software

Kitesky: >> Kitecms >> 1.1 Security Vulnerabilities

Products

Pricing

Contact Us