Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/15 4:34 p.m.30 views

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...

9.1CVSS6.8AI score0.00496EPSS
Exploits0References1
Circl
Circl
added 2025/05/13 4:31 p.m.21 views

CVE-2025-31493

creationtimestamp| type| source ---|---|--- 2025-05-13 16:31:44+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vixor7zr2 2025-05-13 16:48:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wsu7f3c2h 2025-05-13...

9.1CVSS4.8AI score0.00496EPSS
Exploits0References4
NVD
NVD
added 2025/05/13 4:15 p.m.28 views

CVE-2025-31493

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...

9.1CVSS0.00496EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/13 3:24 p.m.30 views

CVE-2025-31493 Path traversal of collection names during file system lookup

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...

6.3CVSS0.00496EPSS
Exploits0References4
CVE
CVE
added 2025/05/13 3:24 p.m.45 views

CVE-2025-31493

Kirby CVE-2025-31493 affects versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 where dynamic collection names passed to collection() or $kirby->collection() can bypass validation, enabling path traversal. The missing check allowed traversal outside the configured collections root (and even Kirby ...

9.1CVSS6.5AI score0.00496EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/13 3:24 p.m.7 views

CVE-2025-31493 Path traversal of collection names during file system lookup

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...

6.3CVSS6.5AI score0.00496EPSS
Exploits0References4
Rows per page
Query Builder