2 matches found
Kirby: Access to files of top-level drafts is not protected by permissions
TL;DR This vulnerability affects Kirby 5 sites that have the content.fileRedirects option enabled set to true or a custom closure as well as all Kirby 4 sites that haven't explicitly disabled this option. It was possible to access clean file URLs of top-level drafts e.g. /about-us/team.jpg withou...
PT-2026-50725
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites with the content.fileRedirects option enabled allow unauthenticated users to access clean file URLs for files stored in top-level draft pages. The system...