Server-side Template Injection(SSTI)
getgrav/grav is vulnerable to Server-side Template InjectionSSTI. The vulnerability exists in filterFilter function of GravExtension.php, because an array might omit the validation check when the parameter is a string. This enables an authenticated attacker to insert malicious templates and perfo...