← Back

Kkcms

kkcms

Vendor: Kkcms Project • 3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-32101
1Kkcms Project
1Kkcms
Jun 17, 2026
Jun 15, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.
CVE-2019-16923
1Kkcms Project
1Kkcms
Jun 17, 2026
Sep 27, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
kkcms 1.3 has jx.php?url= XSS.
CVE-2019-16706
1Kkcms Project
1Kkcms
Jun 17, 2026
Sep 23, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.