7 matches found
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...
Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin
CVE-2021-21425 source: https://www.exploi...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
GravCMS 1.10.7 - Unauthenticated Arbitrary File Write (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
CVE-2021-21425
creationtimestamp| type| source ---|---|--- 2021-04-21 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/49788 2021-04-22 04:03:09+00:00| published-proof-of-concept| https://t.me/pwnwikizhchannel/234 2021-05-04 12:34:06+00:00| seen|...
CVE-2021-21425
GravCMS (Grav Admin Plugin)
CVE-2021-21425 Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in...