Vulmon
getgrav grav admin vulnerabilities and exploits
CVE-2021-29439 (CVSSv2: 6.5)
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary...
Getgrav Grav Admin
CVE-2021-21425 (CVSSv2: 7.5)
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and previous versions, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method...
Getgrav Grav-plugin-admin
2 GitHub repositories
CVE-2021-3799 (CVSSv2: 5.8)
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
Getgrav Grav-plugin-admin
CVE-2021-3920 (CVSSv2: 3.5)
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Getgrav Grav-plugin-admin
CVE-2020-29553 (CVSSv2: 5.1)
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows a malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
CVE-2023-37897 (CVSSv2: NA)
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due t...
Getgrav Grav 1.7.42.1
Getgrav Grav 1.7.42
CVE-2023-34253 (CVSSv2: NA)
Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- (1) using un...
Getgrav Grav
CVE-2023-34252 (CVSSv2: NA)
Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passin...
Getgrav Grav
CVE-2018-5233 (CVSSv2: 4.3)
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS prior to 1.3.0 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
Getgrav Grav Cms