Lucene search
CVE-2021-29440
🗓️ 13 Apr 2021 20:22:15Reported by GitHub_MType 
cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 135 Views🌐 WEB
Grav file based Web-platform. Twig processing vulnerability allows arbitrary code execution.
Show more
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Remote Code Execution | 19 Apr 202109:30 | – | veracode |
 | Grav CMS 1.7.10 Server-Side Template Injection | 7 Jun 202100:00 | – | packetstorm |
 | Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Exploit | 7 Jun 202100:00 | – | zdt |
 | CVE-2021-29440 | 13 Apr 202120:15 | – | nvd |
 | Grav's Twig processing allowing dangerous PHP functions by default | 16 Apr 202119:53 | – | github |
 | CVE-2021-29440 Twig allowing dangerous PHP functions by default | 13 Apr 202119:55 | – | cvelist |
 | Design/Logic Flaw | 13 Apr 202120:15 | – | prion |
 | Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) | 7 Jun 202100:00 | – | exploitdb |
 | Grav CMS Command Injection (CVE-2021-29440) | 24 Jun 202100:00 | – | checkpoint_advisories |
 | Grav's Twig processing allowing dangerous PHP functions by default | 16 Apr 202119:53 | – | osv |
10
[
{
"product": "grav",
"vendor": "getgrav",
"versions": [
{
"status": "affected",
"version": "< 1.7.11"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| data[header][title] | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
| data[content] | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
| data[folder] | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
| data[name] | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
| __unique_form_id__ | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
| form-nonce | path | /admin/pages/:add | Endpoint for creating a new page that allows for server-side template injection via the content parameter. | CWE-94 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo13 Apr 2021 20:15Current
7.5High risk
Vulners AI Score7.5
CVSS26.5
CVSS37.2 - 8.4
EPSS0.09769