CVE-2023-38491

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published: Jul 27, 2023
Updated: Aug 3, 2023
CWE ID 79

Summary

CVE-2023-38491 is a vulnerability in the Kirby content management system. Versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 are affected. It impacts all Kirby sites that allow potential attackers in the group of authenticated Panel users, or external visitors, to upload arbitrary files to the content folder. Sites that do not allow file uploads for untrusted users or visitors, or that limit the file extensions of uploaded files, are not affected. The attack requires user interaction and cannot be automated. The vulnerability allows an editor with write access to the Kirby Panel to upload a file with an unknown extension that contains harmful HTML code, such as `<script>` tags, and then share it with other users or visitors of the site via a direct link. If a victim opens this link in a browser where they are logged in to Kirby, and the file has not been opened by anyone since the upload, Kirby is unable to stop the harmful content from executing. Organizations using affected versions of Kirby should update to version 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, or 3.9.6 as soon as possible to remediate this vulnerability and prevent potential attacks exploiting it. The danger of this vulnerability lies in the possibility of an attacker uploading malicious files containing harmful HTML code that executes when opened by unsuspecting users or visitors who are logged in to Kirby in their browsers.
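The summary names one configuration that avoids this class of issue: limiting the file extensions that may be uploaded. The following Python snippet is an added illustration of that control and is not Kirby's code; the allowlist, the extension-to-type map and the header policy are constructed for the example. It rejects uploads whose final extension is not on an allowlist, and it shows a defensive way of serving files from an upload folder: only passive types (images, plain text, video) are sent inline, everything else is forced to download, and every response carries `X-Content-Type-Options: nosniff` and `Content-Security-Policy: sandbox` so a browser neither guesses `text/html` from the file bytes nor runs scripts in the site's origin.

```python
"""Upload-extension allowlist and safe response headers for served uploads.

Added example, not Kirby code. All lists below are constructed for illustration.
"""
import os
import re

# Constructed allowlist: only the extensions the site actually needs. A file whose
# final extension is absent from this set is rejected at upload time.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp", "pdf", "txt", "mp4"}

# Explicit extension -> MIME type map (constructed) so the result does not depend on
# the host's mimetypes database. Anything not listed is served as octet-stream.
EXTENSION_TYPES = {
    "jpg": "image/jpeg", "jpeg": "image/jpeg", "png": "image/png", "gif": "image/gif",
    "webp": "image/webp", "pdf": "application/pdf", "txt": "text/plain", "mp4": "video/mp4",
}

# Passive types a browser may render inline without executing active content.
# PDF is deliberately excluded here and is downloaded instead of displayed.
INLINE_SAFE_TYPES = {"image/jpeg", "image/png", "image/gif", "image/webp", "text/plain", "video/mp4"}


def file_extension(filename: str) -> str:
    """Lower-cased final extension of the basename, or '' when there is none."""
    base = os.path.basename(filename)
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def upload_allowed(filename: str) -> bool:
    """True only when the final extension is on the allowlist ('' is never allowed)."""
    return file_extension(filename) in ALLOWED_EXTENSIONS


def response_headers(filename: str) -> dict:
    """Headers for serving a stored upload.

    Known passive types are displayed inline; unknown or active types are forced to
    download. nosniff stops MIME sniffing and the sandbox CSP blocks script execution
    even if a browser did decide to render the bytes.
    """
    content_type = EXTENSION_TYPES.get(file_extension(filename), "application/octet-stream")
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename)) or "download"
    headers = {
        "Content-Type": content_type,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox",
    }
    if content_type in INLINE_SAFE_TYPES:
        headers["Content-Disposition"] = "inline"
    else:
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed sample filenames covering allowed, unknown, active and missing extensions.
    for name in ["photo.jpg", "report.PDF", "notes.unknown", "page.html", "README"]:
        print(f"{name:14} allowed={upload_allowed(name)!s:5} headers={response_headers(name)}")
```

The two checks complement each other: the allowlist keeps files with unknown extensions out of the content folder, and the header policy limits the damage if one is already there, because a file served as `application/octet-stream` with `nosniff` and an `attachment` disposition is downloaded rather than rendered as a page in the logged-in user's session.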


