CVE-2024-26483

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-26483

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26483.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26483

Aliases

GHSA-xrvh-rvc4-5m43

Related

GHSA-xrvh-rvc4-5m43

Published

2024-02-22T05:15:09.973Z

Modified

2026-04-10T05:11:00.142165Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.

References

Affected packages

Git / github.com/getkirby/kirby

Affected ranges

Type

GIT

Repo

https://github.com/getkirby/kirby

Events

Introduced

Fixed

22c2137a4b90a5b8bc54aec67f0123869d007b1a

Introduced

d210f26602cf72c926d8ccf8befd61d7831888da

Fixed

ae19b026daa771992f18404c585ed68c25499de0

Introduced

3e5899b628a2b59c1833a8d79eda292a7fe06843

Fixed

077d2d6f1fa3628632097e36bc970403854b3564

Introduced

066b0506a81fdd331edc54add601d907a61ebbb4

Fixed

d1386803fd683d188e9d68158509f99b39d6a381

Introduced

40eae8e8a4e1705412c64de63984376eeaa8b259

Last affected

1353c9fbe3ede6bee946f527d146841719eef7d5

Introduced

Last affected

d2e98d7bc032d3a7d6dc0687de7d0b88140e8497

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.6.5"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.5.4"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.4.3"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.8.1"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.1.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.10.0"
        }
    ]
}

Affected versions

3.*

3.0.0

3.0.1

3.0.2

3.0.2-rc.1

3.0.3

3.0.3-rc.1

3.0.3-rc.2

3.0.3-rc.3

3.1.0

3.1.0-rc.1

3.1.1

3.1.2

3.1.2-rc.1

3.1.3

3.1.3-rc.1

3.1.4

3.1.4-rc.1

3.10.0

3.2.0

3.2.0-rc.1

3.2.0-rc.2

3.2.0-rc.3

3.2.0-rc.4

3.2.1

3.2.1-rc.1

3.2.2

3.2.3-rc.1

3.2.5

3.2.5-rc.1

3.2.5-rc.2

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.4.0

3.4.1

3.4.2

3.5.0

3.5.0-rc.1

3.5.0-rc.2

3.5.0-rc.3

3.5.0-rc.4

3.5.0-rc.5

3.5.0-rc.6

3.5.0-rc.7

3.5.1

3.5.1-rc.1

3.5.2

3.5.3

3.5.3.1

3.5.4

3.5.5

3.5.6

3.5.7

3.5.7.1

3.6.0

3.6.1.1

3.6.2

3.6.2-rc.1

3.6.2-rc.2

3.6.2-rc.3

3.6.3

3.6.3.1

3.6.4

3.6.5

3.6.6

3.6.6.1

3.6.6.2

3.6.6.3

3.6.6.4

3.7.0

3.7.0.1

3.7.0.2

3.7.1

3.7.2

3.7.2.1

3.7.3

3.7.4

3.7.4-rc.1

3.7.5

3.7.5.1

3.7.5.2

3.7.5.3

3.8.0

3.8.1

3.8.1.1

3.8.2

3.8.3

3.8.4

3.8.4.1

3.8.4.2

3.9.0

3.9.1

3.9.2

3.9.3

3.9.4

3.9.5

3.9.6

3.9.6-rc.1

3.9.6.1

3.9.7

3.9.8

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.1.0

4.1.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26483.json"