6 matches found
Deserialization of Untrusted Data
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via unsafe handling of serialized data and improper input validation in multiple components, including...
Arbitrary Code Injection
Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Arbitrary Code Injection in the directInstall process. An attacker can execute arbitrary code on the server by uploading a specially crafted Z...
CVE-2026-7317
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
CVE-2026-7317
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...
CVE-2026-7317
Grav CMS (up to 1.7.49.5/2.0.0-beta.1) contains a deserialization vulnerability in FileCache::doGet (Cache Value Handler, file system/src/Grav/Framework/Cache/Adapter/FileCache.php). The issue allows remote exploitation with high complexity and a publicly available exploit. Upgrading to version 2...
CVE-2026-7317 Grav CMS Cache Value FileCache.php doGet deserialization
A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component Cache Value Handler. The manipulation results in deserialization. The attack may be...