
11 matches found

NVD
added 2026/05/11 4:17 p.m., 9 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

CVSS: 8.1, EPSS: 0.00041
Exploits: 1, References: 4
Snyk
added 2026/05/05 9:29 p.m., 1 views

Improper Enforcement of a Single, Unique Action

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Improper Enforcement of a Single, Unique Action through the user creation process. An attacker can remove administrative privileges and disrup...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00041
Exploits: 1, References: 5
Positive Technologies
added 2026/05/05 12:0 a.m., 4 views

PT-2026-37275

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description A business logic issue in the Grav Admin Panel allows a low-privileged user with user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00041
Exploits: 1, References: 12
RedhatCVE
added 2025/12/02 9:26 p.m., 1 views

CVE-2025-66296

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00062
Exploits: 0, References: 1
NVD
added 2025/12/01 9:15 p.m., 1 views

CVE-2025-66296

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...

CVSS: 8.8, EPSS: 0.00062
Exploits: 0, References: 2
CVE
added 2025/12/01 9:3 p.m., 7 views

CVE-2025-66296

CVE-2025-66296 affects Grav (file-based CMS). Before 1.8.0-beta.27, the Admin plugin has a flaw: no username uniqueness validation when creating users. An account with create user permissions can register a new user using an existing admin username, set a new password/email, and then log in as th...

CVSS: 8.8, AI score: 6.5, EPSS: 0.00062
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/12/01 12:0 a.m., 1 views

PT-2025-48555

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an...

CVSS: 8.8, AI score: 6.9, EPSS: 0.00062
Exploits: 0, References: 3
Veracode
added 2021/12/06 3:44 a.m., 21 views

Cross-site Request Forgery (CSRF)

ssddanbrown/bookstack is vulnerable to cross-site request forgery attacks. The library does not properly validate the user login flow after the email confirmation, allowing an attacker to duplicate the username and gain access to the account when the user clicks the confirmation link...

CVSS: 6.8, AI score: 3.5, EPSS: 0.00068
Exploits: 1, References: 5, Affected Software: 1
CNVD
added 2020/03/13 12:0 a.m., 1 views

Joomla! input validation error vulnerability (CNVD-2020-20999)

Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. An input validation error vulnerability exists in Joomla! versions 3.0.0 through 3.9.15, which stems from a lack of length checking in user forms, a...

CVSS: 5.3, AI score: 6.8, EPSS: 0.00211
Exploits: 0, References: 1
NVD
added 2018/11/29 5:29 a.m., 8 views

CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

CVSS: 7.5, AI score: 7.4, EPSS: 0.00237
Exploits: 1, References: 1
Cvelist
added 2018/11/29 5:0 a.m., 10 views

CVE-2018-19654

An issue was discovered in Sales & Company Management System SCMS through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a...

AI score: 7.4, EPSS: 0.00237
Exploits: 1, References: 1