Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.
6.1 CVSS
6.4 AI Score
0.001 EPSS
Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.
6.1 CVSS
6.4 AI Score
0.001 EPSS
A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers to arbitrarily add an administrator account.
8.8 CVSS
8.7 AI Score
0.001 EPSS
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to get a shell via a crafted PHP file.
7.8 CVSS
7.5 AI Score
0.001 EPSS
Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.
9.8 CVSS
9.6 AI Score
0.006 EPSS
A directory traversal issue in KiteCMS 1.1.1 allows remote administrators to overwrite arbitrary files via ../ in the path parameter to index.php/admin/Template/fileedit, with PHP code in the html parameter.
6.5 CVSS
6.6 AI Score
0.001 EPSS
File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.
7.2 CVSS
7.3 AI Score
0.001 EPSS
Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL.
7.5 CVSS
7.3 AI Score
0.003 EPSS
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background management module.
6.5 CVSS
6.5 AI Score
0.001 EPSS