CVE-2023-26265

Name of the Vulnerable Software and Affected Versions Backdrop CMS Borg theme versions prior to 1.1.19

Description The issue arises from insufficient sanitization of path arguments passed via a URL. Specifically, the function borg preprocess page in the file template.php does not properly sanitize incoming path arguments before using them. This lack of sanitization can lead to potential security issues.

Recommendations For versions prior to 1.1.19, update to version 1.1.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the borg preprocess page function in the template.php file until a patch is applied.