Alilovetaozi

Name of the Vulnerable Software and Affected Versions: ZKEACMS version 3.2.0 Description: An arbitrary file upload issue in the "/admin/media/upload" API endpoint allows attackers to execute arbitrary code via a crafted HTML file. Recommendations: For ZKEACMS version 3.2.0, consider disabling the "/admin/media/upload" API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary code execution. Avoid using this endpoint with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: A cross-site request forgery (CSRF) issue allows attackers to arbitrarily add an administrator account. This can lead to unauthorized access and control of the system. Recommendations: For KiteCMS version 1.1, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to administrator account creation functionality until a patch is available.

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1 Description: An arbitrary file upload vulnerability in the "/admin/upload/uploadfile" API endpoint of KiteCMS allows attackers to upload a crafted PHP file, potentially leading to unauthorized access. Recommendations: For KiteCMS version 1.1, consider disabling the "/admin/upload/uploadfile" API endpoint until a patch is available to prevent exploitation. Restrict access to the upload functionality to minimize the risk of unauthorized file uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.