Moderate severityNVD Advisory· Published Feb 22, 2024· Updated Apr 22, 2025
CVE-2024-26483
CVE-2024-26483
Description
An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
getkirby/cmsPackagist | < 3.6.6.5 | 3.6.6.5 |
getkirby/cmsPackagist | >= 3.7.0, < 3.7.5.4 | 3.7.5.4 |
getkirby/cmsPackagist | >= 3.8.0, < 3.8.4.3 | 3.8.4.3 |
getkirby/cmsPackagist | >= 3.9.0, < 3.9.8.1 | 3.9.8.1 |
getkirby/cmsPackagist | >= 3.10.0, < 3.10.0.1 | 3.10.0.1 |
getkirby/cmsPackagist | >= 4.0.0, < 4.1.1 | 4.1.1 |
Affected products
2- Kirby/CMSdescription
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.