Filtered by vendor Kitesky
Subscribe
Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36546 | 1 Kitesky | 1 Kitecms | 2023-02-09 | N/A | 7.5 HIGH |
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | |||||
CVE-2022-28445 | 1 Kitesky | 1 Kitecms | 2022-05-02 | 4.0 MEDIUM | 6.5 MEDIUM |
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | |||||
CVE-2020-20671 | 1 Kitesky | 1 Kitecms | 2021-09-24 | 6.8 MEDIUM | 8.8 HIGH |
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | |||||
CVE-2020-20672 | 1 Kitesky | 1 Kitecms | 2021-09-23 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | |||||
CVE-2021-31731 | 1 Kitesky | 1 Kitecms | 2021-08-17 | 5.5 MEDIUM | 6.5 MEDIUM |
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. |