GHSA-fr72-9665-w3gr

Опубликовано: 22 фев. 2024

Источник: github

Github: Прошло ревью

Описание

Duplicate Advisory: Unrestricted file upload of user avatar images

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xrvh-rvc4-5m43. This link is maintained to preserve external references.

Original Description

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

Ссылки

https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43
https://nvd.nist.gov/vuln/detail/CVE-2024-26483
https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4

Пакеты

Наименование

getkirby/cms

composer

Затронутые версииВерсия исправления

<= 4.1.0

4.1.1