GHSA-fr72-9665-w3gr: Duplicate Advisory: Unrestricted file upload of user avatar images

February 22, 2024 (updated February 26, 2024)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xrvh-rvc4-5m43. This link is maintained to preserve external references.

Original Description

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

References

github.com/advisories/GHSA-fr72-9665-w3gr
nvd.nist.gov/vuln/detail/CVE-2024-26483
shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4

Detect and mitigate GHSA-fr72-9665-w3gr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →