2 matches found
CVE-2024-28117
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twigarraymap, allowing attackers to bypass the validation and execute...
CVE-2024-28117
Grav (CVE-2024-28117) is vulnerable to Server-Side Template Injection due to improper validation of accessible functions: Utils::isDangerousFunction checks are bypassed for twig_array_map, allowing an attacker to execute arbitrary commands via the Twig processor when static pages are processed. A...