Vulnerabilities > Kitesky

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-04-04 | CVE-2020-20521 | Cross-site Scripting vulnerability in Kitesky Kitecms 1.1.1 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. | network | low complexity | kitesky | CWE-79 | 6.1 |
| 2023-04-04 | CVE-2020-20522 | Cross-site Scripting vulnerability in Kitesky Kitecms 1.1 | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. | network | low complexity | kitesky | CWE-79 | 6.1 |
| 2023-04-04 | CVE-2021-31707 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. | network | low complexity | kitesky | CWE-434 | critical, 9.8 |
| 2023-04-04 | CVE-2021-3267 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms 1.1 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | network | low complexity | kitesky | CWE-434 | 7.2 |
| 2023-02-03 | CVE-2021-36546 | Insecure Storage of Sensitive Information vulnerability in Kitesky Kitecms 1.1 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | network | low complexity | kitesky | CWE-922 | 7.5 |
| 2022-04-21 | CVE-2022-28445 | Files or Directories Accessible to External Parties vulnerability in Kitesky Kitecms 1.1.1 | KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module. | network | low complexity | kitesky | CWE-552 | 6.5 |
| 2021-09-13 | CVE-2020-20671 | Cross-Site Request Forgery (CSRF) vulnerability in Kitesky Kitecms 1.1 | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | network | low complexity | kitesky | CWE-352 | 8.8 |
| 2021-09-13 | CVE-2020-20672 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms 1.1 | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | local | low complexity | kitesky | CWE-434 | 7.8 |
| 2021-08-12 | CVE-2021-31731 | Path Traversal vulnerability in Kitesky Kitecms 1.1.1 | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. | network | low complexity | kitesky | CWE-22 | 6.5 |