Lucene search
Japan Vulnerability NotesJVN:34780384HistoryNov 17, 2015 - 12:00 a.m.
JVN#34780384: Kirby vulnerable to arbitrary file creation
2015-11-1700:00:00
Japan Vulnerability Notes
jvn.jp
12
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.003
Percentile
68.6%
Kirby is a content management system (CMS). Kirby contains a vulnerability that may allow a remote attacker to create arbitrary files.
Impact
An arbitrary file created by a logged in attacker may result in arbitrary PHP code being executed on the server.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- Kirby 2.1.1 and earlier
Related
cve
cve
CVE-2015-7773
2015-11-20 03:59:02
prion
prion
Unrestricted file upload
2015-11-20 03:59:00
cvelist
cvelist
CVE-2015-7773
2015-11-20 02:00:00
nvd
nvd
CVE-2015-7773
2015-11-20 03:59:02
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.003
Percentile
68.6%
Related for JVN:34780384