CMS
getkirby/kirby
Kirby's core application folder
#kirby#cms#content-management#cms-framework#file-based#php8#flat-file#flat-file-cms#headless-cms
Score
90 / 100
Star
1,500
Fork
186
Open Issue
122
Size
59MB
Language
PHP ★
Last push
0 days ago
Docker
—
Score breakdown
Past CVEs: 20 (somewhat many)
✓ Last push: 0 days ago
✓ Preferred language (PHP)
✓ Open issues: 122
✓ Medium size (59MB)
✓ Docker not supported
— 1k–10k stars: best for beginners (★1,500)
Note: see the "Scoring rules" for the weight of each item. The total is floored at 0.
Past Security Advisories (20)
- System API endpoint leaks installed version and license data to authenticated users
- Page creation API bypasses `changeStatus` permission check via unfiltered `isDraft` parameter
- User avatar creation, replacement and deletion are not gated by user update permissions
- XML Injection in the XML creator toolkit
- Read access to site, user and role information is not gated by permissions
- `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API
- Page, file and user creation APIs bypass `create` permission check via unfiltered `blueprint` parameter
- Server-Side Template Injection (SSTI) via double template resolution in option rendering
- Missing permission checks in the content changes API
- Cross-site scripting (XSS) in the changes dialog
- Path traversal in the router for PHP's built-in server
- Path traversal of collection names during file system lookup
- Path traversal of snippet names during file system lookup
- Insufficient permission checks in the language settings
- Unrestricted file upload of user avatar images
- Cross-site scripting (XSS) in the link field "Custom" type
- Self cross-site scripting (self-XSS) in the URL field
- Denial of service from unlimited password lengths
- Insufficient Session Expiration after a password change
- Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
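Three of the advisories above concern the same bug class: path traversal when a user-supplied name (a collection name, a snippet name, a request path in the built-in-server router) is turned into a file-system path. The following is an added illustration of that class and of a hardened lookup, written in PHP because Kirby is a PHP project. It is not Kirby's code: the `snippets/` directory layout, the function names and the temporary files it creates are assumptions constructed for the demo.

```php
<?php
// Added example (not Kirby's code): name-based lookup of a snippet file in a
// flat-file CMS, first in a traversal-prone form, then hardened.
// The "snippets/" layout, function names and temp files are assumptions.

declare(strict_types=1);

// Vulnerable: the user-controlled name is concatenated into the path as-is,
// so a name such as "../config/secrets" escapes the snippets directory.
function snippetPathUnsafe(string $root, string $name): string
{
    return $root . '/snippets/' . $name . '.php';
}

// Hardened: allow-list the name's shape first, then confirm with realpath()
// that the resolved file still lives under the snippets root.
function snippetPathSafe(string $root, string $name): ?string
{
    // Only segments of [A-Za-z0-9_-] separated by single slashes; this rejects
    // "..", absolute paths, NUL bytes and stray extensions, while still
    // permitting sub-directories such as "blocks/heading".
    if (!preg_match('~^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*$~', $name)) {
        return null;
    }

    $base = realpath($root . '/snippets');
    if ($base === false) {
        return null;
    }

    // realpath() returns false when the file does not exist and resolves
    // symlinks, so the prefix check also catches links pointing outside.
    $candidate = realpath($base . '/' . $name . '.php');
    if ($candidate === false
        || strncmp($candidate, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demo tree: two legitimate snippets and one file outside the root.
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/snippets/blocks', 0700, true);
mkdir($root . '/config', 0700, true);
file_put_contents($root . '/snippets/header.php', '<?php echo "header";');
file_put_contents($root . '/snippets/blocks/heading.php', '<?php echo "heading";');
file_put_contents($root . '/config/secrets.php', '<?php return ["key" => "constructed"];');

$names = ['header', 'blocks/heading', '../config/secrets', 'blocks/../../config/secrets'];
foreach ($names as $name) {
    $unsafe = snippetPathUnsafe($root, $name);
    $safe   = snippetPathSafe($root, $name);
    printf("%-30s unsafe lookup hits a file: %-3s  safe lookup: %s\n",
        $name,
        is_file($unsafe) ? 'yes' : 'no',
        $safe ?? 'rejected');
}

// Remove the constructed tree again.
foreach (['snippets/header.php', 'snippets/blocks/heading.php', 'config/secrets.php'] as $f) {
    unlink("$root/$f");
}
foreach (['snippets/blocks', 'snippets', 'config', ''] as $d) {
    rmdir(rtrim("$root/$d", '/'));
}
```

Run it with `php traversal-demo.php`: the two traversal names resolve to `config/secrets.php` through the unsafe builder but are rejected by the allow-list before `realpath()` is even consulted. The character allow-list is the primary control; the `realpath()` prefix comparison is a second layer for symlinks and for names that slip through a weaker pattern, and it compares against `$base . DIRECTORY_SEPARATOR` so that a sibling directory such as `snippets-old/` does not pass as a prefix match.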