Lucene search
GoogleOSV:GHSA-R3RG-JRJQ-W4MRHistoryMay 24, 2022 - 5:44 p.m.
Grav CMS Local File Injection
2022-05-2417:44:32
Google
osv.dev
6
grav cms
backup functionality
local file read
path-traversal
csrf protection
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Related
osv
osv
CVE-2020-29555
2021-03-15 18:15:17
CVE-2020-29556
2021-03-15 18:15:17
Grav CMS Cross-Site Request Forgery (CSRF)
2022-05-24 17:44:32
github
github
Grav CMS Cross-Site Request Forgery (CSRF)
2022-05-24 17:44:32
Grav CMS Arbitrary File Deletion
2022-05-24 17:44:32
Grav CMS Local File Injection
2022-05-24 17:44:32
prion
prion
Path traversal
2021-03-15 18:15:00
Cross site request forgery (csrf)
2021-03-15 19:15:00
Path traversal
2021-03-15 18:15:00
nvd
nvd
cvelist
cvelist
cve
cve