Create reported/ directory and move all CVE files into it

Agent-Logs-Url: https://github.com/Stalin-143/CVE/sessions/60d91e38-5aaf-4d3e-9b6e-5bda848b4d3f Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
2026-05-26 11:25:49 +00:00 · 2026-05-01 16:40:58 +00:00
parent 725ff2c576
commit 528971beb3
3 changed files with 0 additions and 0 deletions
@@ -0,0 +1,52 @@
+![CVE](https://img.shields.io/badge/CVE-2026--29905-red)
+
+# CVE-2026-29905 — Kirby CMS Persistent DoS via Malformed Image Upload
+
+> CVE-2026-29905 has been officially published by MITRE.
+
+## Overview
+
+A authenticated user with **Editor** permissions can upload a malformed file with an image extension to cause a persistent Denial of Service in Kirby CMS.
+
+**CVE ID:** CVE-2026-29905  
+**Affected Version:** Kirby CMS ≤ 5.1.4  
+**Fixed In:** Kirby CMS 5.2.0-rc.1  
+**Severity:** Medium  
+**CWE:** CWE-252 (Unchecked Return Value), CWE-20 (Improper Input Validation)
+
+---
+
+## Description
+
+Kirby processes uploaded image files using PHP's `getimagesize()` function without validating its return value. When a malformed file is uploaded with a valid image extension (e.g. `.jpg`), `getimagesize()` returns `false` instead of an array. The application then triggers a fatal `TypeError` during thumbnail generation or metadata processing.
+
+The crash persists across page reloads until the file is manually removed from the filesystem.
+
+---
+
+## Impact
+
+- Any Editor-role user (non-admin) can trigger the DoS condition.
+- Affected pages return HTTP 500 until the file is removed manually.
+
+---
+
+## Fix
+
+Patched in [Kirby CMS 5.2.0-rc.1](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1).
+
+---
+ 
+## References
+
+- [CVE-2026-29905 on cve.org](https://www.cve.org/CVERecord?id=CVE-2026-29905)
+- [CVE-2026-29905 on NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-29905)
+- [GHSA-cw7v-45wm-mcf2](https://github.com/advisories/GHSA-cw7v-45wm-mcf2)
+- [PoC – Stalin-143/CVE-2026-29905](https://github.com/Stalin-143/CVE-2026-29905)
+- [Kirby CMS 5.2.0-rc.1 Release](https://github.com/getkirby/kirby/releases/tag/5.2.0-rc.1)
+- [Supporting Document (Google Drive)](https://drive.google.com/file/d/1MwvvSYIwnC8kOIzjycGMQZw4d2K2ef8h/view?usp=sharing)
+ 
+---
+## Discoverer
+
+**Stalin S** ([@Stalin-143](https://github.com/Stalin-143))
@@ -0,0 +1,23 @@
+![CVE](https://img.shields.io/badge/CVE-2026--41037-red)
+
+# CVE-2026-41037 — Missing Rate Limiting (Quantum Networks Router)
+
+**Severity:** High (8.7)  
+**CWE:** CWE-307  
+
+## Summary
+Missing rate limiting in the router login allows brute-force attacks, leading to admin/root access.
+
+## Impact
+- Full device compromise  
+- Unauthorized access  
+
+## Fix
+Add rate limiting, CAPTCHA, or account lockout.
+
+## References
+- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200  
+- https://www.cve.org/CVERecord?id=CVE-2026-41037  
+
+## Credits
+Rakesh Elamaran, Stalin S, Janish Andrin J, Kali Vignesh SM, Arkino Robilin R, Kalpana B N
@@ -0,0 +1,23 @@
+![CVE](https://img.shields.io/badge/CVE-2026--41039-red)
+
+# CVE-2026-41039 — Information Disclosure (Quantum Networks Router)
+
+**Severity:** High (8.7)  
+**CWE:** CWE-306  
+
+## Summary
+Missing authentication and improper access control expose internal API endpoints, allowing attackers to access sensitive data.
+
+## Impact
+- Information disclosure  
+- Exposure of internal endpoints, scripts, directories  
+
+## Fix
+Enforce authentication, secure API endpoints, and harden default configurations.
+
+## References
+- https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2026-0200  
+- https://www.cve.org/CVERecord?id=CVE-2026-41039  
+
+## Credits
+Rakesh Elamaran, Joel William A, Bajino Viju, Stalin S, Janish Andrin J, Kalpana B N