CVE-2021-31731

Name of the Vulnerable Software and Affected Versions KiteCMS version 1.1.1

Description A directory traversal issue allows remote administrators to overwrite arbitrary files by utilizing ../ in the path parameter to "index.php/admin/Template/fileedit". This can be done with PHP code in the html parameter.

Recommendations For KiteCMS version 1.1.1, as a temporary workaround, consider restricting access to the "index.php/admin/Template/fileedit" endpoint until a patch is available. Avoid using the html parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.