CVE-2015-7773

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 2.1.2

Description The issue allows remote authenticated users to execute arbitrary PHP code by uploading a file without an extension and then renaming it to have a .php extension. This is due to an unrestricted file upload vulnerability in the Panel component.

Recommendations For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, consider restricting file uploads in the Panel component to prevent exploitation.