EUVD-2023-1781

Malicious code in bioql PyPI...

EUVD-2023-1758

Malicious code in bioql PyPI...

EUVD-2023-38523

Malicious code in bioql PyPI...

CVE-2023-34448

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...

CVE-2023-34251

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

CVE-2024-13504

The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dfxp File uploads in all versions up to, and including, 1.7.42 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress plugin Shared Files 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

Design/Logic Flaw

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...

Design/Logic Flaw

Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- 1 using unsafe functions that are not...

CVE-2023-34251

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

Design/Logic Flaw

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

CVE-2023-34448 Grav Server-side Template Injection (SSTI) via Twig Default Filters

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default filter function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke...

CVE-2023-34253 Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass

Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- 1 using unsafe functions that...

CVE-2023-34253 Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass

Grav is a flat-file content management system. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- 1 using unsafe functions that...

CVE-2023-34252 Grav Server-side Template Injection via Insufficient Validation in filterFilter

Grav is a flat-file content management system. Prior to version 1.7.42, there is a logic flaw in the GravExtension.filterFilter function whereby validation against a denylist of unsafe functions is only performed when the argument passed to filter is a string. However, passing an array as a...

CVE-2023-34251 Grav Server Side Template Injection vulnerability

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this...

Grav 代码注入漏洞

Grav is a scalable CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.42, which stems from a server-side template injection SSTI vulnerability that allows an attacker to...

Grav 代码注入漏洞

Grav is a scalable CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A security vulnerability exists in Grav prior to version 1.7.42, which stems from a server-side template injection SSTI vulnerability that allows an attacker to...

Grav 代码注入漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A code injection vulnerability exists in Grav versions prior to 1.7.42, which stems from the presence of a server-side template injection SSTI vulnerability...

Grav 跨站脚本漏洞

Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms, and one-page product displays. A cross-site scripting vulnerability exists in Grav 1.7.42 and earlier versions, which stems from a Reflected Cross-Site Scripting XSS vulnerability. The...