Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:23 p.m.17 views

CVE-2021-29439

The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...

7.2CVSS7.6AI score0.02587EPSS
Exploits0References1
SonarSource Blog
SonarSource Blog
added 2021/06/01 12:0 a.m.95 views

Grav CMS 1.7.10 - Code Execution Vulnerabilities

In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...

6.5CVSS8.1AI score0.30623EPSS
Exploits5
CVE
CVE
added 2021/04/13 7:45 p.m.104 views

CVE-2021-29439

The CVE-2021-29439 issue affects Grav CMS, specifically the Admin plugin prior to version 1.10.11. Root cause: improper privilege verification in the Admin controller/task dispatch allows users with the admin.login permission to install third‑party plugins and their dependencies, potentially enab...

7.2CVSS7.7AI score0.02587EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/13 7:45 p.m.40 views

CVE-2021-29439 Plugins can be installed with minimal admin privileges

The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...

7.2CVSS7.5AI score0.02587EPSS
Exploits0References2
Rows per page
Query Builder