PT-2023-12289 · Kitecms · Kitecms
Xrun66
·
Published
2023-02-03
·
Updated
2023-02-10
·
CVE-2021-36546
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KiteCMS version 1.1
Description
An issue with access control in KiteCMS allows remote attackers to view sensitive information by manipulating the path in the application URL.
Recommendations
For KiteCMS version 1.1, update to a version that includes a fix for the access control issue, as the current version allows unauthorized access to sensitive information.
Exploit
Fix
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kitecms