23 matches found
CVE-2026-59193
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-59193
Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...
EUVD-2026-42951
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-59193 Grav CMS — Improper Handling of Highly Compressed Data in Installer::unZip()
Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...
CVE-2026-42607
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
📄 Grav CMS Shell Upload
The Grav CMS Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files. The system failed to adequately validate the contents of the ZIP archive or prevent path traversal Zip Slip during extraction. By crafting a malicious plugin that hooks into Grav events...
Grav CMS 2.0.0-beta.2 - Remote Code Execution
Exploit Title: Grav CMS 'onPluginsInitialized', 0; public function onPluginsInitialized: void $shellpath = GRAVROOT . '/shell.php'; if !fileexists$shellpath fileputcontents$shellpath, '';...
CVE-2026-42607
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
CVE-2026-42607 Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
CVE-2026-42607 Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails t...
CVE-2026-42607
CVE-2026-42607 (Grav) : An authenticated admin can achieve Remote Code Execution by uploading a malicious ZIP via the Direct Install tool. The ZIP contents are not inspected before extraction, allowing arbitrary PHP execution or dropping a web shell. This affects Grav’s Admin plugin and the Grav ...
Grav 代码注入漏洞
Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a code injection vulnerability. This vulnerabili...
Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Summary An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails to inspect the contents of uploaded ZIP archives...
GHSA-W48R-JPPP-RCFW Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature
Summary An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails to inspect the contents of uploaded ZIP archives...
PT-2026-37273
Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...
📄 Grav CMS 1.7.49.5 Shell Upload
This script targets a Grav CMS administrative panel by first authenticating, then checking version information to estimate vulnerability exposure. If conditions are met, it generates a malicious PHP plugin containing a base64-encoded payload and uploads it as a ZIP package through the “direct...
Grav CMS Admin Direct Install Authenticated Plugin Upload RCE
Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...
📄 Grav CMS 1.7.49.5 Remote Code Execution
Grav CMS versions 1.7.49.5 and below with Admin Plugin versions 1.10.49.3 and below are vulnerable to an authenticated remote code execution vulnerability via the "Direct Install" feature in the administrative interface. An authenticated administrator can upload a crafted plugin archive containin...
📄 Grav CMS 1.7.48 Remote Code Execution
Grav CMS version 1.7.48 suffers from a remote code execution vulnerability. Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link:...
Grav CMS 1.7.48 - Remote Code Execution (RCE)
Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 Tested on: Debi...