Vendor
high
advisory
Kirby CMS Missing Authorization Vulnerability
2 rules 2 TTPsA missing authorization vulnerability in Kirby CMS allows authenticated users to bypass intended access restrictions on pages and files, potentially leading to unauthorized information disclosure and content modification; patched in versions 4.9.0 and 5.4.0.
cms +3
authorization
web-application
2r
2t
high
advisory
Kirby CMS Server-Side Template Injection via Double Template Resolution
2 rules 1 TTPA server-side template injection (SSTI) vulnerability exists in Kirby CMS within the option rendering feature due to double template resolution in option fields (checkboxes, color, multiselect, select, radio, tags, or toggles) when using options from a query or API with untrusted values, potentially allowing attackers to inject malicious queries.
cms
ssti
kirby
template-injection
2r
1t