kitesky CVE Vulnerabilities & CVE List (9)

Products (CPE): — CVEs: 9

kitesky vulnerability overview

Aggregates CVE and security vulnerability intelligence across all kitesky-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting, vendor risk path handling, and vendor risk csrf and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

CVE	Summary	Source	Max CVSS	EPSS %	Published	Updated
CVE-2021-3267	File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.	[email protected]	7.2	1.26%	2023-04-04	2026-06-17
CVE-2021-31707	Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.	[email protected]	9.8	1.26%	2023-04-04	2026-06-16
CVE-2020-20522	Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.	[email protected]	6.1	0.56%	2023-04-04	2026-06-16
CVE-2020-20521	Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.	[email protected]	6.1	0.56%	2023-04-04	2026-06-16
CVE-2021-36546	Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.	[email protected]	7.5	0.89%	2023-02-03	2026-06-16
CVE-2022-28445	KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.	[email protected]	6.5	1.02%	2022-04-21	2026-06-17
CVE-2020-20672	An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.	[email protected]	7.8	0.85%	2021-09-13	2026-06-16
CVE-2020-20671	A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.	[email protected]	8.8	0.54%	2021-09-13	2026-06-16
CVE-2021-31731	A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.	[email protected]	6.5	1.32%	2021-08-12	2026-06-16

cvelogic Threat Intelligence