2 matches found
CVE-2020-26255 PHP Phar archives could be uploaded and executed in Kirby
Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of...
CVE-2020-26255
CVE-2020-26255 affects Kirby CMS (getkirby/cms) before 3.4.5 and Kirby Panel before 2.5.14. A user with full access to Kirby Panel can upload a PHP Phar file and execute it on the server, enabling code execution. The vulnerability is reported as critical when authenticated Panel users may exist; ...