CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34082 – Grav Arbitrary File Read to Account Takeover
https://notcve.org/view.php?id=CVE-2024-34082
15 May 2024 — Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by crac... • https://github.com/getgrav/grav/commit/b6bba9eb99bf8cb55b8fa8d23f18873ca594e348 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28119 – Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler
https://notcve.org/view.php?id=CVE-2024-28119
21 Mar 2024 — Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1... • https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28118 – Grav vulnerable to Server Side Template Injection (SSTI)
https://notcve.org/view.php?id=CVE-2024-28118
21 Mar 2024 — Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges ... • https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28117 – Grav vulnerable to Server Side Template Injection (SSTI)
https://notcve.org/view.php?id=CVE-2024-28117
21 Mar 2024 — Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used ... • https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 5CVE-2024-28116 – Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
https://notcve.org/view.php?id=CVE-2024-28116
21 Mar 2024 — Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue. Grav es un sistema de gestión de contenidos de archivos planos de código abierto. Grav CMS anterior a la versión 1.7.45 es vulnerable a una inyección de... • https://packetstorm.news/files/id/182033 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27921 – Grav File Upload Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-27921
21 Mar 2024 — Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfilt... • https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27923 – Remote Code Execution by uploading a phar file using frontmatter
https://notcve.org/view.php?id=CVE-2024-27923
06 Mar 2024 — Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. Grav es un sistema de gestión de contenidos (CMS). • https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07 • CWE-287: Improper Authentication CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31506
https://notcve.org/view.php?id=CVE-2023-31506
09 Feb 2024 — A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. Una vulnerabilidad de cross-site scripting (XSS) en las versiones de Grav 1.7.44 y anteriores permite a atacantes remotos autenticados ejecutar scripts web o HTML arbitrarios a través del atributo onmouseover de un elemento ISINDEX. • https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34452 – Grav vulnerable to Self Cross Site Scripting in /forgot_password
https://notcve.org/view.php?id=CVE-2023-34452
14 Jun 2023 — Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validat... • https://github.com/getgrav/grav/security/advisories/GHSA-xcr8-cc2j-62fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 2CVE-2023-34448 – Grav Server-side Template Injection (SSTI) via Twig Default Filters
https://notcve.org/view.php?id=CVE-2023-34448
14 Jun 2023 — Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/Gra... • https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •