[MEDIUM] Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5

PKSA-7jnm-d2v8-r697 CVE-2020-26255 GHSA-g3h8-cg9x-47qw

Affected package: getkirby/cms

Affected version: >=3.0.0,<3.4.5

Reported by:
GitHub