Skip to main content

Kirby CVE-2018-16627

MEDIUM
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2018-12-20 cve@mitre.org
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 20, 2018 - 23:29 nvd
MEDIUM 6.1

DescriptionNVD

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature.

AnalysisAI

panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-74. panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature. Affected products include: Getkirby Kirby.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Kirby

View all
CVE-2024-26483 HIGH POC
8.8 Feb 22

An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbit

CVE-2024-26482 HIGH POC
7.1 Feb 22

An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. Rated high severity (CVSS

CVE-2025-30159 MEDIUM POC
6.3 May 13

Kirby is an open-source content management system. Rated medium severity (CVSS 6.3), this vulnerability is remotely expl

CVE-2024-26484 MEDIUM POC
6.1 Feb 22

A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers

CVE-2023-38490 CRITICAL
10.0 Jul 27

Kirby is a content management system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, n

CVE-2021-29460 MEDIUM POC
5.4 Apr 27

Kirby is an open source CMS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack co

CVE-2018-16628 MEDIUM POC
5.4 Dec 04

panel/login in Kirby v2.5.12 allows XSS via a blog name. Rated medium severity (CVSS 5.4), this vulnerability is remotel

CVE-2020-26255 CRITICAL
9.1 Dec 08

Kirby is a CMS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. T

CVE-2023-38488 HIGH
8.8 Jul 27

Kirby is a content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low at

CVE-2018-16630 MEDIUM POC
4.8 Dec 28

Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file. Rated medium severity (CVSS 4.8), t

CVE-2024-26481 MEDIUM POC
4.7 Feb 22

Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. Rated medium severi

CVE-2018-14519 MEDIUM POC
4.3 Aug 24

An issue was discovered in Kirby 2.5.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, n

Share

CVE-2018-16627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy