2 matches found
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the /api/site/find route. An attacker can access sensitive page information, including full content and metadata, by sending requests with known or guessed page IDs or UUIDs as an authenticated user. This is on...
PT-2026-50726
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Missing authorization in the content management system allows authenticated users to retrieve information for arbitrary published pages. By knowing or guessing page IDs or...