Browse all 29 CVE security advisories affecting getkirby. AI-powered Chinese analysis, POCs, and references for each vulnerability.
GetKirby is a flat-file CMS designed for web developers, utilizing PHP and YAML to manage content without a database. Its architecture, while simplifying deployment, has historically exposed it to significant security risks, resulting in twenty-five recorded CVEs. The most prevalent vulnerability classes involve Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often stemming from insufficient input validation in file handling and template rendering processes. Privilege escalation flaws have also been documented, allowing unauthorized users to gain administrative access. A notable incident involved a critical RCE vulnerability in the panel’s file upload functionality, which permitted attackers to execute arbitrary code on the server. These issues highlight the challenges of maintaining security in flat-file systems where traditional database protections are absent, necessitating rigorous code auditing and strict access controls to mitigate the inherent risks associated with its design philosophy.
Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with getkirby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.