Lukaskleinschmidt

**Name of the Vulnerable Software and Affected Versions** Kirby versions 5.0.0 through 5.2.1 **Description** Kirby is an open-source content management system. Versions 5.0.0 through 5.2.1 are missing permission checks in the content changes API. This affects Kirby sites where user permissions are configured to prevent specific roles from performing write actions, specifically by disabling the update permission to prevent modifications to site content. The issue does not affect installations with default user permissions. The content changes API allows unauthorized modifications to site content. The vulnerable API endpoint is not specified. The vulnerable parameter or variable is not specified. The vulnerable function is not specified. **Recommendations** Update to version 5.2.2 or later.