2 matches found
CVE-2024-34082 Grav Arbitrary File Read to Account Takeover
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...
CVE-2024-34082
creationtimestamp| type| source ---|---|--- 2024-05-15 16:28:17+00:00| published-proof-of-concept| https://github.com/getgrav/grav/security/advisories/GHSA-f8v5-jmfh-pr69 2024-05-20 15:08:37+00:00| published-proof-of-concept| https://t.me/HackingInsights/678 2026-02-27 08:45:57+00:00| seen|...