CVE-2023-38488

Summary

CVE-2023-38488 is a vulnerability affecting versions of Kirby, a content management system, prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. This issue allows authenticated users or external visitors with write access to manipulate content files through a field injection vulnerability. Kirby stores content in text files using its KirbyData format, where fields are separated by newlines and a line of four dashes. The vulnerability arises due to the affected code's failure to correctly detect Unicode Byte Order Mark (BOM) sequences when writing to KirbyData files. An attacker can exploit this by including a BOM sequence in a field separator, which is not detected as a separator during writing but causes the injected data to be interpreted as a new field when reading the file. The impact of this vulnerability depends on the affected field type and usage, and in some cases, it could lead to altered site content, broken site behavior, or the injection of malicious data or code. The maintainers have released patches for this issue in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6, which fix the vulnerability by only removing the BOM sequence at the beginning of the file when reading, preventing the injection of unintended fields.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.