0x5t4l1n/CVE
1
0
Fork 0
mirror of https://github.com/0x5t4l1n/CVE.git synced 2026-05-26 19:26:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Stalin
2026-03-26 21:47:17 +05:30
committed by GitHub
parent 20569e7973
commit 4713ee1db8
1 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+38 -1
View File
@@ -1 +1,38 @@
# CVE-2026-29905 # CVE-2026-29905 — Kirby CMS Persistent DoS via Malformed Image Upload
## Overview
A authenticated user with **Editor** permissions can upload a malformed file with an image extension to cause a persistent Denial of Service in Kirby CMS.
**CVE ID:** CVE-2026-29905
**Affected Version:** Kirby CMS ≤ 5.1.4
**Fixed In:** Kirby CMS 5.2.0-rc.1
**Severity:** Medium
**CWE:** CWE-252 (Unchecked Return Value), CWE-20 (Improper Input Validation)
---
## Description
Kirby processes uploaded image files using PHP's `getimagesize()` function without validating its return value. When a malformed file is uploaded with a valid image extension (e.g. `.jpg`), `getimagesize()` returns `false` instead of an array. The application then triggers a fatal `TypeError` during thumbnail generation or metadata processing.
The crash persists across page reloads until the file is manually removed from the filesystem.
---
## Impact
- Any Editor-role user (non-admin) can trigger the DoS condition.
- Affected pages return HTTP 500 until the file is removed manually.
---
## Fix
Patched in [Kirby CMS 5.2.0-rc.1](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1).
---
## Discoverer
**Stalin S** ([@Stalin-143](https://github.com/Stalin-143))