Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getgrav grav cms vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-29556
The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker du...
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
8.8
CVSSv3
CVE-2020-29553
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows an malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
8.1
CVSSv3
CVE-2020-29555
The BackupDelete functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker ...
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
6.1
CVSSv3
CVE-2018-5233
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS prior to 1.3.0 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
Getgrav Grav Cms
6.1
CVSSv3
CVE-2019-16126
Grav up to and including 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
Getgrav Grav Cms
7.2
CVSSv3
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privile...
Getgrav Grav
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started