The Scheduler in Grav CMS up to and including 1.7.0-rc.17 allows a malicious user to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Vulnerable Product |
---|
getgrav grav cms |
getgrav grav cms 1.7.0 |