cvebase

Getkirby Panel vulnerabilities

3 known vulnerabilities affecting getkirby/panel.

Total CVEs: 3
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2

Vulnerabilities

CVE-2020-26255 | P3 | CRITICAL | CVSS 9.1 | fixed in 2.5.14 | 2020-12-08
CVE-2020-26255 [CRITICAL] CWE-434: Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14, an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to
Sources: ghsa, nvd, osv
CVE-2017-16807 | P4 | MEDIUM | CVSS 5.4 | PoC | fixed in 2.3.3 | ≥ 2.4.0, < 2.4.2 | +1 more | 2017-11-13
CVE-2017-16807 [MEDIUM] CWE-79: A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
Sources: nvd
CVE-2020-26253 | P4 | MEDIUM | CVSS 5.9 | fixed in 2.5.14 | 2020-12-08
CVE-2020-26253 [MEDIUM] CWE-346: Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by defaul
Sources: ghsa, nvd, osv