Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getgrav grav vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-37897
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due t...
Getgrav Grav 1.7.42.1
Getgrav Grav 1.7.42
5.5
CVSSv3
CVE-2020-29556
The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker du...
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
8.8
CVSSv3
CVE-2020-29553
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows an malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
8.1
CVSSv3
CVE-2020-29555
The BackupDelete functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker ...
Getgrav Grav Cms 1.7.0
Getgrav Grav Cms
7.2
CVSSv3
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privile...
Getgrav Grav
1 Github repository
5.4
CVSSv3
CVE-2023-31506
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated malicious users to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
Getgrav Grav
5.3
CVSSv3
CVE-2021-3818
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Getgrav Grav
5.4
CVSSv3
CVE-2021-3904
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Getgrav Grav
7.5
CVSSv3
CVE-2021-3924
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Getgrav Grav
7.2
CVSSv3
CVE-2022-2073
Code Injection in GitHub repository getgrav/grav before 1.7.34.
Getgrav Grav
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »