CVE-2020-26255
published 2020-12-08CVE-2020-26255: Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can…
PriorityP351critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
1.47%
70.5th percentile
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. Please update to one of these or a later version to fix the vulnerability. Note: Kirby 2 reaches end of life on December 31, 2020. We therefore recommend to upgrade your Kirby 2 sites to Kirby 3. If you cannot upgrade, we still recommend to update to Kirby 2.5.14.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getkirby | cms | >= 3.0.0 < 3.4.5 | 3.4.5 |
| getkirby | kirby | < 3.4.5 | 3.4.5 |
| getkirby | panel | < 2.5.14 | 2.5.14 |
| getkirby | panel | >= 0 < 2.5.14 | 2.5.14 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
ghsa·2020-12-08
CVE-2020-26255 [MEDIUM] CWE-434 Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
### Impact
An editor with full access to the Kirby Panel can upload a PHP `.phar` file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file.
Visitors without Panel access *cannot* use this attack vector.
### Patches
The problem has been patched in [Kirby 2.5.14](https://github.com/getkirby-v2/panel/releases/tag/2.5.14) and [Kirby 3.4.5](https://github.com/getkirby/kirby/releases/tag/3.4.5). Please update to one of these or a [later version](https://github.com/getkirby/kirby/releases/) to fix the vulnerability.
**Note:** Kirby 2 reaches end of lif
OSV
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
osv·2020-12-08
CVE-2020-26255 [MEDIUM] Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
### Impact
An editor with full access to the Kirby Panel can upload a PHP `.phar` file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file.
Visitors without Panel access *cannot* use this attack vector.
### Patches
The problem has been patched in [Kirby 2.5.14](https://github.com/getkirby-v2/panel/releases/tag/2.5.14) and [Kirby 3.4.5](https://github.com/getkirby/kirby/releases/tag/3.4.5). Please update to one of these or a [later version](https://github.com/getkirby/kirby/releases/) to fix the vulnerability.
**Note:** Kirby 2 reaches end of lif
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/getkirby-v2/panel/commit/5a569d4e3ddaea2b6628d7ec1472a3e8bc410881https://github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09https://github.com/getkirby/kirby/releases/tag/3.4.5https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qwhttps://packagist.org/packages/getkirby/cmshttps://packagist.org/packages/getkirby/panelhttps://github.com/getkirby-v2/panel/commit/5a569d4e3ddaea2b6628d7ec1472a3e8bc410881https://github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09https://github.com/getkirby/kirby/releases/tag/3.4.5https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qwhttps://packagist.org/packages/getkirby/cmshttps://packagist.org/packages/getkirby/panel
2020-12-08
Published