Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:19 p.m.6 views

CVE-2022-2073

Code Injection in GitHub repository getgrav/grav prior to 1.7.34...

9.1CVSS7AI score0.10385EPSS
Exploits2References1
Veracode
Veracode
added 2023/06/21 7:9 a.m.17 views

Server-side Template Injection(SSTI)

getgrav/grav is vulnerable to Server-side Template Injection SSTI. An authenticated remote attacker is able to cause server side template injection via the Twig engine which renders risky functions by default, such as system. Insufficient fix in addressing CVE-2022-2073 allows the bypass of the...

7.2CVSS7.6AI score0.10385EPSS
Exploits3References10Affected Software1
OSV
OSV
added 2023/06/16 7:37 p.m.55 views

GHSA-WHR7-M3F8-MPM8 Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------- | | Vendor | Grav...

7.2CVSS8AI score0.04515EPSS
Exploits1References10
Github Security Blog
Github Security Blog
added 2023/06/16 7:37 p.m.28 views

Grav Server-side Template Injection (SSTI) via Twig Default Filters

Hi, actually we have sent the bug report to [email protected] on 27th March 2023 and on 10th April 2023. Grav Server-side Template Injection SSTI via Twig Default Filters Summary: | Product | Grav CMS | | ----------------------- | --------------------------------------------- | | Vendor | Grav...

9.1CVSS8.9AI score0.10385EPSS
Exploits3References10Affected Software1
Prion
Prion
added 2023/06/14 11:15 p.m.14 views

Design/Logic Flaw

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...

5.8CVSS7.2AI score0.10385EPSS
Exploits3References5Affected Software1
CVE
CVE
added 2022/06/29 6:20 p.m.118 views

CVE-2022-2073

CVE-2022-2073 is a Grav SSTI vulnerability in getgrav/grav prior to 1.7.34 where the Twig filter function could be abused to trigger unsafe calls. Grav patched filter() in 1.7.34, but attackers could still abuse other Twig core filters (e.g., map/reduce) to reach remote code execution unless thos...

9.1CVSS7.9AI score0.10385EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder