getgrav/grav
Packagist | 41 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting getgrav/grav (page 1 of 1)
- CVE-2018-5233 | MEDIUM | CVSS 6.1 | Fixed in 1.3.0 | 2018-03-19
vulnerable: 0.8.0 ... 1.3.0-rc.5 (106 versions)
Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools.
- CVE-2019-16126 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 1.7.0-beta.8 | 2019-09-09
vulnerable: 0.8.0 ... 1.7.0-beta.7 (196 versions)
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images.
- CVE-2020-11529 | MEDIUM | CVSS 6.1 | EG 6.1 | Fixed in 1.6.23 | 2020-04-04
vulnerable: 0.8.0 ... 1.6.9 (180 versions)
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
- CVE-2020-29553 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.6.30 | 2021-03-15
vulnerable: 0.8.0 ... 1.6.9 (187 versions)
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
- CVE-2020-29555 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 1.6.30 | 2021-03-15
vulnerable: 0.8.0 ... 1.6.9 (187 versions)
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an un…
- CVE-2020-29556 | MEDIUM | CVSS 5.5 | EG 5.5 | Fixed in 1.6.30 | 2021-03-15
vulnerable: 0.8.0 ... 1.6.9 (187 versions)
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unau…
- CVE-2021-29440 | HIGH | CVSS 8.4 | EG 8.4 | Fixed in 1.7.11 | 2021-04-13
vulnerable: 0.8.0 ... 1.7.9 (229 versions)
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arb…
- CVE-2021-3818 | MEDIUM | CVSS 5.3 | EG 5.3 | Fixed in 1.7.21 | 2021-09-27
vulnerable: 0.8.0 ... 1.7.9 (238 versions)
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
- CVE-2021-3904 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.7.24 | 2021-10-27
vulnerable: 0.8.0 ... 1.7.9 (241 versions)
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3924 | HIGH | CVSS 7.5 | EG 8.8 | no fixed version listed | 2021-11-05
vulnerable: 0.8.0 ... 1.7.9 (242 versions)
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CVE-2022-0268 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.7.28 | 2022-01-25
vulnerable: 0.8.0 ... 1.7.9 (247 versions)
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
- CVE-2022-0743 | MEDIUM | CVSS 4.6 | EG 4.6 | Fixed in 1.7.31 | 2022-02-28
vulnerable: 0.8.0 ... 1.7.9 (251 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
- CVE-2022-0970 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.7.31 | 2022-03-15
vulnerable: 0.8.0 ... 1.7.9 (251 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
- CVE-2022-1173 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 1.7.33 | 2022-04-26
vulnerable: 0.8.0 ... 1.7.9 (253 versions)
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33.
- CVE-2022-2073 | HIGH | CVSS 7.2 | EG 7.2 | Fixed in 1.7.34 | 2022-06-29
vulnerable: 0.8.0 ... 1.7.9 (254 versions)
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
- CVE-2023-31506 | MEDIUM | CVSS 5.4 | EG 5.4 | no fixed version listed | 2024-02-09
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element.
- CVE-2023-34251 | CRITICAL | CVSS 9.9 | EG 9.9 | Fixed in 1.7.42 | 2023-06-14
vulnerable: 0.8.0 ... 1.7.9 (269 versions)
Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page edi…
- CVE-2023-34252 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.42 | 2023-06-14
vulnerable: 0.8.0 ... 1.7.9 (269 versions)
Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the `GravExtension.filterFilter()` function whereby validation against a denylist of unsafe functions is only performed when the argument pass…
- CVE-2023-34253 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.42 | 2023-06-14
vulnerable: 0.8.0 ... 1.7.9 (269 versions)
Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily s…
- CVE-2023-34448 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.42 | 2023-06-14
vulnerable: 0.8.0 ... 1.7.9 (269 versions)
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions …
- CVE-2023-37897 | HIGH | CVSS 7.2 | EG 7.2 | Fixed in 1.7.42.2 | 2023-07-18
vulnerable: 0.8.0 ... 1.7.9 (271 versions)
Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1…
- CVE-2024-27921 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.45 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .jso…
- CVE-2024-27923 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.43 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (273 versions)
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code ex…
- CVE-2024-28116 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.45 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbi…
- CVE-2024-28117 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.45 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_m…
- CVE-2024-28118 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.45 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a pr…
- CVE-2024-28119 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 1.7.45 | 2024-03-21
vulnerable: 0.8.0 ... 1.7.9 (275 versions)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Tw…
- CVE-2024-34082 | HIGH | CVSS 8.5 | EG 8.5 | Fixed in 1.7.46 | 2024-05-15
vulnerable: 0.8.0 ... 1.7.9 (276 versions)
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file …
- CVE-2026-42607 | CRITICAL | CVSS 9.1 | EG 9.1 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the "Direct Install" tool. While the s…
- CVE-2026-42608 | CRITICAL | CVSS 9.1 | EG 9.1 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker…
- CVE-2026-42609 | HIGH | CVSS 8.1 | EG 8.1 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing accounts, including the primary admin…
- CVE-2026-42610 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged user (EX: Content Editor with only pages.update permissions) can bypass the existing Twig sandbox restrictions by utilizing the grav['accounts'] service. Attacker c…
- CVE-2026-42611 | HIGH | CVSS 8.9 | EG 8.9 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information ava…
- CVE-2026-42612 | HIGH | CVSS 8.5 | EG 8.5 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the de…
- CVE-2026-42613 | CRITICAL | CVSS 9.4 | EG 9.4 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registrati…
- CVE-2026-42841 | MEDIUM | CVSS 4.8 | EG 4.8 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax.…
- CVE-2026-42842 | MEDIUM | CVSS 5.4 | EG 5.4 | Fixed in 2.0.0-beta.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered …
- CVE-2026-42844 | HIGH | CVSS 8.8 | EG 8.8 | Fixed in 2.0.0-beta.4 | 2026-05-12
vulnerable: 0.8.0 ... 2.0.0-beta.3 (319 versions)
Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created …
- CVE-2026-44737 | MEDIUM | CVSS 6.2 | EG 6.2 | Fixed in 1.7.49.5 | 2026-05-11
vulnerable: 0.8.0 ... 1.7.9 (284 versions)
grav-plugin-admin, the admin plugin for Grav, is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails to properly validate and sanitize user …
- CVE-2026-44738 | HIGH | CVSS 7.7 | EG 7.7 | Fixed in 2.0.0-rc.2 | 2026-05-11
vulnerable: 0.8.0 ... 2.0.0-rc.1 (321 versions)
Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire merged site configuration — including all…
- CVE-2026-7317 | MEDIUM | CVSS 5.0 | EG 5.0 | Fixed in 2.0.0-beta.2 | 2026-04-28
vulnerable: 0.8.0 ... 2.0.0-beta.1 (317 versions)
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The …
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for getgrav/grav CVEs against the assets you own.