Lucene search

CVE-2021-21425

🗓️ 07 Apr 2021 19:12:15Reported by GoogleType

osv🔗 osv.dev👁 21 Views

Grav Admin Plugin allows unauthenticated users to execute arbitrary YAML file change

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 15
Prion	Design/Logic Flaw	7 Apr 202119:15	–	prion
GithubExploit	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin	19 Jan 202217:54	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin	24 Jun 202113:06	–	githubexploit
GithubExploit	Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin	13 Nov 202400:30	–	githubexploit
CVE	CVE-2021-21425	7 Apr 202119:15	–	cve
NVD	CVE-2021-21425	7 Apr 202119:15	–	nvd
0day.today	GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write/Update Exploit	21 Apr 202100:00	–	zdt
0day.today	GravCMS 1.10.7 Remote Command Execution Exploit	4 May 202100:00	–	zdt
Packet Storm	GravCMS 1.10.7 Remote Command Execution	21 Apr 202100:00	–	packetstorm
Packet Storm	GravCMS 1.10.7 Remote Command Execution	4 May 202100:00	–	packetstorm

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/162283/GravCMS-1.10.7-Remote-Command-Execution.html
packetstormsecurity	www.packetstormsecurity.com/files/162457/GravCMS-1.10.7-Remote-Command-Execution.html
github	www.github.com/getgrav/grav-plugin-admin/security/advisories/GHSA-6f53-6qgv-39pj
pentest	www.pentest.blog/unexpected-journey-7-gravcms-unauthenticated-arbitrary-yaml-write-update-leads-to-code-execution/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Apr 2021 19:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS27.5

CVSS39.3 - 9.8

EPSS0.89