Kirby 2.1.1

Important Security Update

An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program has reported two vulnerabilities in Kirby 2.1.0 today.

The first vulnerability allows to bypass panel authentication in a hosting environment where users within the same shared environment can save/read files in a directory accessible by both the victim and the attacker.

The second issue allows authenticated users to upload normally disallowed PHP script files via the panel combined with a cross-site scripting attack.

Every Kirby 2 website should be updated immediately to 2.1.1 to fix the vulnerabilities.

You can find detailed instructions on how to update your current installation in our docs.

Download Kirby 2.1.1

http://download.getkirby.com

Github

Contact

For further questions please don't hesitate to send an email at: support@getkirby.com

Our partners

CDN by KeyCDN Image hosting by imgIX Search by Algolia Issue tracking by Codetree

Top