漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header
Vulnerability Description
Kirby is an open-source content management system. Prior to 4.9.4 and from 5.4.4, Kirby sites with no configured user accounts that run on publicly accessible servers behind a reverse proxy setting the Forwarded, X-Client-IP, or X-Real-IP request header could allow remote attackers to install the Panel and create the first admin user because local-IP checks trusted those headers incorrectly. This issue is fixed in versions 4.9.4 and 5.4.4.
CVSS Information
N/A
Vulnerability Type
可信任变量或数据存储的外部初始化
Vulnerability Title
getkirby kirby 输入验证错误漏洞
Vulnerability Description
getkirby Kirby是getkirby个人开发者开源的一套基于文件的内容管理系统。 getkirby kirby存在输入验证错误漏洞,该漏洞源于未正确信任反向代理设置的Forwarded、X-Client-IP或X-Real-IP请求标头,允许远程攻击者安装Panel并创建第一个管理员用户。以下版本受到影响:4.9.4之前版本和5.0.0至5.4.4之前版本。
CVSS Information
N/A
Vulnerability Type
N/A