2 matches found
Kirby: `pages.access` permission is not checked in the pages picker for parent pages
TL;DR This vulnerability affects all Kirby sites that use the pages field and where users of a particular role have no permission to access pages pages.access permission is disabled. This can be due to configuration in the user blueprints, options in the model blueprints, or a combination of both...
PT-2026-50720
Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Authenticated users can confirm the existence of arbitrary pages and retrieve their title field values. This occurs when sites use the pages field and user roles have the...