VYPR

Vendor CVEs

Getkirby

All CVEs

53 total · sorted by risk
  • CVE-2018-16627Dec 20, 2018
    risk 0.00cvss epss 0.01

    panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

  • CVE-2018-16628Dec 4, 2018
    risk 0.00cvss epss 0.01

    panel/login in Kirby v2.5.12 allows XSS via a blog name.

  • CVE-2015-7773Nov 20, 2015
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an extension, and then renaming this file to have a .php extension.

Page 2 of 2