The Backup functionality in Grav CMS up to and including 1.7.0-rc.17 allows an authenticated malicious user to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
| Vulnerable Product |
|---|
| getgrav grav cms |
| getgrav grav cms 1.7.0 |