PT-2022-8035 · Kirby · Kirby

Zaran Shaikh

Published

2022-08-24

Updated

2022-08-29

CVE-2018-14519

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Kirby version 2.5.12

Description The delete page functionality in Kirby suffers from a CSRF flaw, allowing a remote attacker to craft a malicious page and force the user to delete a page.

Recommendations For Kirby version 2.5.12, consider disabling the delete page functionality until a patch is available to prevent exploitation of the CSRF flaw. Restrict access to the delete page feature to minimize the risk of unauthorized page deletion.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2018-14519

GHSA-C7X2-7H8R-JQ4M

Affected Products

Kirby

PT-2022-8035 · Kirby · Kirby

CVE-2018-14519

Weakness Enumeration

Related Identifiers

Affected Products

References · 7