4 matches found
CVE-2021-29439
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...
Grav CMS 1.7.10 - Code Execution Vulnerabilities
In the lineage of most recent flat-file PHP CMS, Grav CMS is a modern web platform to build fast, safe and extensible websites. It uses a modern technology stack with Twig, Symfony and Doctrine, and offers an administration dashboard that allows managing the whole website structure, pages, static...
CVE-2021-29439
The CVE-2021-29439 issue affects Grav CMS, specifically the Admin plugin prior to version 1.10.11. Root cause: improper privilege verification in the Admin controller/task dispatch allows users with the admin.login permission to install third‑party plugins and their dependencies, potentially enab...
CVE-2021-29439 Plugins can be installed with minimal admin privileges
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission admin.login can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitiv...