13 matches found
Privilege Escalation
getgrav/grav is vulnerable to Privilege Escalation (PE). The vulnerability is due to improper handling of Twig processing in page frontmatter, which allows an attacker to inject malicious Twig expressions and escalate privileges or execute arbitrary system commands via the scheduler API...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the Twig processing feature enabled through page frontmatter. An...
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
CVE-2024-28117 Grav vulnerable to Server Side Template Injection (SSTI)
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute...
PT-2024-22274 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45. Description: The issue arises from unrestricted access to the twig extension class from the grav context, allowing an attacker to redefine the escape function and execute arbitrary commands. This can be achieved ...
PT-2024-22272 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45. Description: Grav is an open-source, flat-file content management system. The issue arises because Grav validates accessible functions through the Utils::isDangerousFunction function but does not impose...
GHSA-9436-3GMP-4F53 grav Server-side Template Injection (SSTI) mitigation bypass
Summary: The fix for SSTI using the |map, |filter and |reduce Twig filters, implemented in commit 71bbed1, introduces a bypass of the denylist due to an incorrect return value from isDangerousFunction, which allows executing the payload by prepending a double backslash \ Details: The isDangerousFunction check in...
Exploit for Code Injection in Getgrav Grav
CVE-2021-29440 Unsafe Twig processing of static pages leading...
GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default
Impact: Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches: The issue was...
Grav's Twig processing allowing dangerous PHP functions by default
Impact: Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches: The issue was...
CVE-2021-29440
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
Design/Logic Flaw
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
CVE-2021-29440
Grav CMS 1.7.x is affected by CVE-2021-29440 due to unsandboxed Twig processing of static pages enabled via front matter by users with page-creation/admin privileges. The vulnerability enables server-side template injection, which can lead to arbitrary code execution and privilege escalation on t...