Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
getgrav grav vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-37897
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due t...
Getgrav Grav 1.7.42.1
Getgrav Grav 1.7.42
5.1
CVSSv2
CVE-2020-29553
The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows an malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
5.5
CVSSv2
CVE-2020-29555
The BackupDelete functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker ...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
2.1
CVSSv2
CVE-2020-29556
The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker du...
Getgrav Grav Cms
Getgrav Grav Cms 1.7.0
NA
CVE-2023-31506
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated malicious users to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
Getgrav Grav
5
CVSSv2
CVE-2021-3818
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Getgrav Grav
3.5
CVSSv2
CVE-2022-1173
stored xss in GitHub repository getgrav/grav before 1.7.33.
Getgrav Grav
6.5
CVSSv2
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privile...
Getgrav Grav
1 Github repository
5
CVSSv2
CVE-2021-3924
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Getgrav Grav
5.8
CVSSv2
CVE-2020-11529
Common/Grav.php in Grav prior to 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
Getgrav Grav
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »