Every CVE whose affected-product data names Kitesky Kitecms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-31707 — CVSS 9.8 (critical): Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
CVE-2020-20671 — CVSS 8.8 (high): A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
CVE-2020-20672 — CVSS 7.8 (high): An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
CVE-2021-36546 — CVSS 7.5 (high): Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
CVE-2021-3267 — CVSS 7.2 (high): File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
CVE-2022-28445 — CVSS 6.5 (medium): KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
CVE-2021-31731 — CVSS 6.5 (medium): A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to…
CVE-2020-20522 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user…
CVE-2020-20521 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.