CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
Grav CMS Command Injection (CVE-2021-29440)
A command injection vulnerability exists in Grav CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) Exploit
Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated
Author: enox
Vendor: https://getgrav.org/
Software Link: https://getgrav.org/download/core/grav-admin/1.7.10
Vulnerable Versions: Grav CMS 1.7.10
CVE: CVE-2021-29440
Credits: ...
Grav CMS 1.7.10 Server-Side Template Injection
Title: Grav CMS 1.7.10 - Server-Side Template Injection SSTI Authenticated
Author: enox
Date: 06-06-2021
Vendor: https://getgrav.org/
Software Link: https://getgrav.org/download/core/grav-admin/1.7.10
Vulnerable Versions: Grav CMS 1.7.10
CVE: CVE-2021-29440
Credits: ...
CVE-2021-29440
| creationtimestamp | type | source |
|---|---|---|
| 2021-06-03 11:03:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3527... |
Grav CMS 1.7.10 - Code Execution Vulnerabilities
In the lineage of the most recent flat-file PHP CMSs, Grav CMS is a modern web platform for building fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard for managing the whole website structure, pages, static...
CVE-2021-29440 Twig allowing dangerous PHP functions by default
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
CVE-2021-29440
Grav CMS 1.7.x is affected by CVE-2021-29440 due to unsandboxed Twig processing of static pages enabled via front matter by users with page-creation/admin privileges. The vulnerability enables server-side template injection, which can lead to arbitrary code execution and privilege escalation on t...