VYPR
Moderate severityNVD Advisory· Published Feb 22, 2024· Updated Apr 22, 2025

CVE-2024-26483

CVE-2024-26483

Description

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
getkirby/cmsPackagist
< 3.6.6.53.6.6.5
getkirby/cmsPackagist
>= 3.7.0, < 3.7.5.43.7.5.4
getkirby/cmsPackagist
>= 3.8.0, < 3.8.4.33.8.4.3
getkirby/cmsPackagist
>= 3.9.0, < 3.9.8.13.9.8.1
getkirby/cmsPackagist
>= 3.10.0, < 3.10.0.13.10.0.1
getkirby/cmsPackagist
>= 4.0.0, < 4.1.14.1.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.