Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getgrav grav vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-37897
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due t...
Getgrav Grav 1.7.42.1
Getgrav Grav 1.7.42
5.5
CVSSv3
CVE-2020-29556
The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker du...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
8.8
CVSSv3
CVE-2020-29553
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows an malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
8.1
CVSSv3
CVE-2020-29555
The BackupDelete functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker ...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
5.4
CVSSv3
CVE-2022-0268
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav before 1.7.28.
Getgrav Grav
7.2
CVSSv3
CVE-2022-2073
Code Injection in GitHub repository getgrav/grav before 1.7.34.
Getgrav Grav
7.2
CVSSv3
CVE-2023-34251
Grav is a flat-file content management system. Versions before 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a ...
Getgrav Grav
7.2
CVSSv3
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privile...
Getgrav Grav
1 Github repository
5.4
CVSSv3
CVE-2022-1173
stored xss in GitHub repository getgrav/grav before 1.7.33.
Getgrav Grav
7.5
CVSSv3
CVE-2021-3924
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Getgrav Grav
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »