CVE-2025-66296
CVE-2025-66296 affects Grav (file-based CMS). Before 1.8.0-beta.27, the Admin plugin has a flaw: no username uniqueness validation when creating users. An account with create user permissions can register a new user using an existing admin username, set a new password/email, and then log in as th...