8 matches found

RedhatCVE
added 2025/05/22 6:29 p.m. | 9 views

CVE-2021-29440

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

8.4 CVSS | 7.6 AI score | 0.30623 EPSS
Exploits: 5 | References: 1

Check Point Advisories
added 2021/06/24 12:0 a.m. | 5 views

Grav CMS Command Injection (CVE-2021-29440)

A command injection vulnerability exists in Grav CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6.5 CVSS | 5.5 AI score | 0.30623 EPSS
Exploits: 5

0day.today
added 2021/06/07 12:0 a.m. | 355 views

Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Exploit

Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated Author: enox Vendor: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.7.10 Vulnerable Versions: Grav CMS 1.7.10 CVE: CVE-2021-29440 Credits:...

8.4 CVSS | 0.2 AI score | 0.30623 EPSS
Exploits: 5

Packet Storm
added 2021/06/07 12:0 a.m. | 386 views

Grav CMS 1.7.10 Server-Side Template Injection

Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated Author: enox Date: 06-06-2021 Vendor: https://getgrav.org/ Software Link: https://getgrav.org/download/core/grav-admin/1.7.10 Vulnerable Versions: Grav CMS 1.7.10 CVE: CVE-2021-29440 Credits:...

6.5 CVSS | 7.2 AI score | 0.30623 EPSS
Exploits: 5

Circl
added 2021/06/03 11:3 a.m. | 6 views

CVE-2021-29440

creationtimestamp | type | source
---|---|---
2021-06-03 11:03:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3527...

8.4 CVSS | 7.3 AI score | 0.30623 EPSS
Exploits: 5 | References: 1

SonarSource Blog
added 2021/06/01 12:0 a.m. | 94 views

Grav CMS 1.7.10 - Code Execution Vulnerabilities

In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...

6.5 CVSS | 8.1 AI score | 0.30623 EPSS
Exploits: 5

Cvelist
added 2021/04/13 7:55 p.m. | 30 views

CVE-2021-29440 Twig allowing dangerous PHP functions by default

Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...

8.4 CVSS | 8.9 AI score | 0.30623 EPSS
Exploits: 5 | References: 4

CVE
added 2021/04/13 7:55 p.m. | 189 views

CVE-2021-29440

Grav CMS 1.7.x is affected by CVE-2021-29440 due to unsandboxed Twig processing of static pages enabled via front matter by users with page-creation/admin privileges. The vulnerability enables server-side template injection, which can lead to arbitrary code execution and privilege escalation on t...

8.4 CVSS | 7.5 AI score | 0.30623 EPSS
Exploits: 5 | References: 4 | Affected Software: 1