3 matches found
CVE-2024-28119
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...
CVE-2024-28119
CVE-2024-28119 — Grav vulnerable to SSTI via Twig escape handler . Grav (open-source flat-file CMS) prior to 1.7.45 allows an attacker to redefine the Twig escape function through unrestricted access to the twig extension class from the Grav context, enabling arbitrary command execution and privi...
CVE-2024-28119 Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler
Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front...