Vulnerabilities > Kitesky > Kitecms > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-04-04 | CVE-2021-3267 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms 1.1 | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. | network, low complexity, kitesky, CWE-434, 7.2 |
| 2023-02-03 | CVE-2021-36546 | Insecure Storage of Sensitive Information vulnerability in Kitesky Kitecms 1.1 | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | network, low complexity, kitesky, CWE-922, 7.5 |
| 2021-09-13 | CVE-2020-20671 | Cross-Site Request Forgery (CSRF) vulnerability in Kitesky Kitecms 1.1 | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. | network, low complexity, kitesky, CWE-352, 8.8 |
| 2021-09-13 | CVE-2020-20672 | Unrestricted Upload of File with Dangerous Type vulnerability in Kitesky Kitecms 1.1 | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | local, low complexity, kitesky, CWE-434, 7.8 |