Kirby vulnerable to path traversal of snippet names in the `snippet()` helper
The missing path traversal check allowed attackers to navigate and access all files on the server that were accessible to the PHP process, including files outside of the snippets root or even outside of the Kirby installation. PHP code within such files was executed. Such attacks first require an attack vector in the site code that is caused by dynamic snippet names, such as snippet('tags-' . get('tags')). It generally also …