Tag
Kirby CMS versions 5.3.0 through 5.4.0 are vulnerable to pre-authentication path traversal, allowing an attacker to include arbitrary PHP files with the filename `index.php`, potentially leading to sensitive information disclosure or malicious actions due to insufficient validation of the provided user ID during user lookup.