PT-2023-12289 · Kitecms · Kitecms

Xrun66

·

Publicado

2023-02-03

·

Atualizado

2023-02-10

·

CVE-2021-36546

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions KiteCMS version 1.1
Description An issue with access control in KiteCMS allows remote attackers to view sensitive information by manipulating the path in the application URL.
Recommendations For KiteCMS version 1.1, update to a version that includes a fix for the access control issue, as the current version allows unauthorized access to sensitive information.

Exploit

Correção

Insecure Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-922

Identificadores relacionados

CVE-2021-36546

Produtos afetados

Kitecms