8 matches found
GHSA-GPMF-Q5JH-HJX4 Grav CMS Arbitrary File Deletion
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
Grav CMS Arbitrary File Deletion
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
CVE-2020-29555
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
CVE-2020-29555
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
Path traversal
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
CVE-2020-29555
CVE-2020-29555 concerns the Grav CMS BackupDelete vulnerability in Grav Core (1.7.0-rc.17), where an authenticated user can delete arbitrary server files via a path traversal flaw. The issue can also be exploited by an unauthenticated attacker due to missing CSRF protection. Affected component: Backup...
CVE-2020-29555
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection...
Grav Path Traversal Vulnerability
Grav is a flat file CMS that uses Markdown files for content management. An arbitrary file deletion vulnerability exists in the BackupDelete feature of Grav 1.7.0-rc.17 and earlier versions. An attacker can exploit this vulnerability by using path traversal techniques to delete arbitrary files on...