Server-Side Template Injection (SSTI)
getgrav/grav is vulnerable to Server-Side Template Injection SSTI. The vulnerability exists because the Filter function of GravExtension.php does not properly block the other built-in functions exposed by Twig's Core Extension, which allows an attacker to invoke arbitrary unsafe functions, leadin...