Vulmon
getgrav grav vulnerabilities and exploits
8.8
CVSSv3
CVE-2023-37897
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due t...
Getgrav Grav 1.7.42.1
Getgrav Grav 1.7.42
8.1
CVSSv3
CVE-2020-29555
The BackupDelete functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker ...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
8.8
CVSSv3
CVE-2020-29553
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows a malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
5.5
CVSSv3
CVE-2020-29556
The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker du...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
6.1
CVSSv3
CVE-2023-34452
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this v...
Getgrav Grav
5.4
CVSSv3
CVE-2022-1173
Stored XSS in GitHub repository getgrav/grav before 1.7.33.
Getgrav Grav
5.4
CVSSv3
CVE-2023-31506
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before allows remote authenticated malicious users to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
Getgrav Grav
5.3
CVSSv3
CVE-2021-3818
Grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking.
Getgrav Grav
4.6
CVSSv3
CVE-2022-0743
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav before 1.7.31.
Getgrav Grav
5.4
CVSSv3
CVE-2022-0268
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav before 1.7.28.
Getgrav Grav