Code Injection
getgrav/grav is vulnerable to Code Injection. The vulnerability is due to unrestricted access to the Twig extension class from the Grav context. This flaw allows attackers to redefine configuration variables and bypass previous Server-Side Template Injection SSTI mitigations...