6 matches found
CVE-2025-31493
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...
CVE-2025-31493
creationtimestamp| type| source ---|---|--- 2025-05-13 16:31:44+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vixor7zr2 2025-05-13 16:48:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lp2wsu7f3c2h 2025-05-13...
CVE-2025-31493
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...
CVE-2025-31493 Path traversal of collection names during file system lookup
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...
CVE-2025-31493
Kirby CVE-2025-31493 affects versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 where dynamic collection names passed to collection() or $kirby->collection() can bypass validation, enabling path traversal. The missing check allowed traversal outside the configured collections root (and even Kirby ...
CVE-2025-31493 Path traversal of collection names during file system lookup
Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the collection helper or $kirby-collection method with a dynamic collection name such as a collection name that depends on request or user data...