CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27921 – Grav File Upload Path Traversal vulnerability
https://notcve.org/view.php?id=CVE-2024-27921
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue. Grav es un sistema de gestión de contenidos de archivos planos de código abierto. • https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99 https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27923 – Remote Code Execution by uploading a phar file using frontmatter
https://notcve.org/view.php?id=CVE-2024-27923
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue. Grav es un sistema de gestión de contenidos (CMS). • https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07 https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v • CWE-287: Improper Authentication CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-31506
https://notcve.org/view.php?id=CVE-2023-31506
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element. Una vulnerabilidad de cross-site scripting (XSS) en las versiones de Grav 1.7.44 y anteriores permite a atacantes remotos autenticados ejecutar scripts web o HTML arbitrarios a través del atributo onmouseover de un elemento ISINDEX. • https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-34452 – Grav vulnerable to Self Cross Site Scripting in /forgot_password
https://notcve.org/view.php?id=CVE-2023-34452
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgot_password" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an attacker to execute arbitrary code on the user's browser, the impact is limited as it requires user interaction to trigger the vulnerability. As of time of publication, a patch is not available. Server-side validation should be implemented to prevent this vulnerability. • https://github.com/getgrav/grav/security/advisories/GHSA-xcr8-cc2j-62fc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2023-34448 – Grav Server-side Template Injection (SSTI) via Twig Default Filters
https://notcve.org/view.php?id=CVE-2023-34448
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`. Grav es un sistema de gestión de contenidos de archivos planos. Antes de la versión 1.7.42, el parche para CVE-2022-2073, una vulnerabilidad de inyección de plantillas del lado del servidor en Gray aprovechando la función predeterminada "filter()", no bloqueaba otras funciones integradas expuestas por la extensión principal de Twig que podían utilizarse para invocar funciones no seguras arbitrarias, permitiendo así la ejecución remota de código. • https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8 https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8 https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148 https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66 https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •