Server-Side Template Injection
getgrav/grav is vulnerable to Server-Side Template Injection. The vulnerability is due to insufficient sandboxing and validation of user-defined Twig template functions and filters, allowing authenticated users to execute arbitrary code on the server...