CVE-2020-26255

🗓️ 08 Dec 2020 15:11:15Reported by [email protected]Type

Kirby CMS before 3.4.5 and Panel before 2.5.14 allows upload of PHP .phar files by full access editors leading to critical remote code execution vulnerability

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
OSV	CVE-2020-26255	8 Dec 202015:15	–	osv
OSV	Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5	8 Dec 202014:42	–	osv
Github Security Blog	Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5	8 Dec 202014:42	–	github
Cvelist	CVE-2020-26255 PHP Phar archives could be uploaded and executed in Kirby	8 Dec 202014:45	–	cvelist
Prion	Code injection	8 Dec 202015:15	–	prion
CVE	CVE-2020-26255	8 Dec 202015:15	–	cve

Nvd

Node

getkirby kirbyRange<3.4.5

getkirby panelRange<2.5.14

Source	Link
github	www.github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09
github	www.github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw
github	www.github.com/getkirby/kirby/releases/tag/3.4.5
packagist	www.packagist.org/packages/getkirby/panel
github	www.github.com/getkirby-v2/panel/commit/5a569d4e3ddaea2b6628d7ec1472a3e8bc410881
packagist	www.packagist.org/packages/getkirby/cms

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Dec 2020 15:15Current

7.5High risk

Vulners AI Score7.5

CVSS26.5

CVSS39.1

EPSS0.0076

CWE-434