CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities - OpenCVE

ReportizFlow

Filtered by vendor Kitesky Subscriptions

Filtered by product Kitecms Subscriptions

Total 9 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-28445	1 Kitesky	1 Kitecms	2024-11-21	6.5 Medium
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CVE-2021-3267	1 Kitesky	1 Kitecms	2024-11-21	7.2 High
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
CVE-2021-36546	1 Kitesky	1 Kitecms	2024-11-21	7.5 High
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-31731	1 Kitesky	1 Kitecms	2024-11-21	6.5 Medium
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
CVE-2021-31707	1 Kitesky	1 Kitecms	2024-11-21	9.8 Critical
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
CVE-2020-20672	1 Kitesky	1 Kitecms	2024-11-21	7.8 High
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
CVE-2020-20671	1 Kitesky	1 Kitecms	2024-11-21	8.8 High
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
CVE-2020-20522	1 Kitesky	1 Kitecms	2024-11-21	6.1 Medium
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
CVE-2020-20521	1 Kitesky	1 Kitecms	2024-11-21	6.1 Medium
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.

Page 1 of 1.