CVE-2024-41964

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 3.6.6.6 Kirby versions prior to 3.7.5.5 Kirby versions prior to 3.8.4.4 Kirby versions prior to 3.9.8.2 Kirby versions prior to 3.10.1.1 Kirby versions prior to 4.3.1

Description Kirby is a CMS targeting designers and editors, allowing the restriction of permissions for specific user roles. However, permission checks for creating, deleting, and updating languages were not enforced, enabling attackers with Panel access to manipulate language definitions. This could lead to significant damage, such as content loss, site availability issues, or integrity problems due to changed URLs or removed translations.

Recommendations For Kirby versions prior to 3.6.6.6, update to version 3.6.6.6 or later. For Kirby versions prior to 3.7.5.5, update to version 3.7.5.5 or later. For Kirby versions prior to 3.8.4.4, update to version 3.8.4.4 or later. For Kirby versions prior to 3.9.8.2, update to version 3.9.8.2 or later. For Kirby versions prior to 3.10.1.1, update to version 3.10.1.1 or later. For Kirby versions prior to 4.3.1, update to version 4.3.1 or later.