2 matches found
CVE-2025-66297
CVE-2025-66297 concerns Grav CMS prior to 1.8.0-beta.27. A user with admin-panel access and permissions to create/edit pages can enable Twig in page frontmatter, inject malicious Twig expressions, and escalate to admin or trigger arbitrary system commands via the scheduler API. Reported impacts i...
PT-2025-48556
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.8.0-beta.27
Description: A user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, a user can escalat...