3 matches found
CVE-2021-47812
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...
CVE-2021-47812 GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)
GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...
CVE-2021-47812
GravCMS 1.10.7 is affected by CVE-2021-47812, with an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code via the scheduler endpoint. Exploitation centers on the admin-nonce parameter to inject base64-encoded payloads and create ma...