CVE-2020-20672

Name of the Vulnerable Software and Affected Versions: KiteCMS version 1.1

Description: An arbitrary file upload vulnerability in the "/admin/upload/uploadfile" API endpoint of KiteCMS allows attackers to upload a crafted PHP file, potentially leading to unauthorized access.

Recommendations: For KiteCMS version 1.1, consider disabling the "/admin/upload/uploadfile" API endpoint until a patch is available to prevent exploitation. Restrict access to the upload functionality to minimize the risk of unauthorized file uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.