2 matches found
PT-2024-22273 · Grav · Grav
Name of the Vulnerable Software and Affected Versions: Grav versions prior to 1.7.45
Description: The issue arises due to unrestricted access to the Twig extension class from the Grav context, allowing an attacker to redefine config variables and bypass previous SSTI mitigation. This can lead to...
Grav security vulnerability
Grav is an extensible content management system (CMS) for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.45, which stems from a file upload and path traversal vulnerability in the application...