Catw0Rld

**Name of the Vulnerable Software and Affected Versions** KiteCMS version 1.1.1 **Description** A directory traversal issue allows remote administrators to overwrite arbitrary files by utilizing ../ in the path parameter to "index.php/admin/Template/fileedit". This can be done with PHP code in the `html` parameter. **Recommendations** For KiteCMS version 1.1.1, as a temporary workaround, consider restricting access to the "index.php/admin/Template/fileedit" endpoint until a patch is available. Avoid using the `html` parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.