
kitesky/KiteCMS
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
|  |  | 9.8 CRITICAL | — | Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. |
|  |  | 7.2 HIGH | — | File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. |
|  |  | 6.1 MEDIUM | — | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. |
|  |  | 6.1 MEDIUM | — | Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. |
|  |  | 7.5 HIGH | — | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. |
|  |  | 8.8 HIGH | 6.8 MEDIUM | A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account. |
|  |  | 7.8 HIGH | 6.8 MEDIUM | An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. |
|  |  | 6.5 MEDIUM | 5.5 MEDIUM | A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter. |