Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.