What is CVE-2020-26255?

CVE-2020-26255 is a medium-severity vulnerability in Getkirby Kirby, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.8/10. Published 2020-12-08.

How severe is CVE-2020-26255?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Arbitrary file upload in Getkirby Kirby

CVE-2020-26255

Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critica…

Vulnerability class: Unrestricted File Upload

EPSS: 0.011 (78.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N.

Affected products

Getkirby Kirby — versions < 3.4.5

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

packagist.org/packages/getkirby/cms (x_refsource_MISC)
packagist.org/packages/getkirby/panel (x_refsource_MISC)
github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw (x_refsource_CONFIRM)
github.com/getkirby/kirby/releases/tag/3.4.5 (x_refsource_MISC)
github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09 (x_refsource_MISC)
github.com/getkirby-v2/panel/commit/5a569d4e3ddaea2b6628d7ec1472a3e8bc410881 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26255?: CVE-2020-26255 is a medium-severity vulnerability in Getkirby Kirby, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 6.8/10. Published 2020-12-08.
How severe is CVE-2020-26255?: Medium severity. CVSS v3 base score is 6.8 out of 10.