getgrav/grav is vulnerable to open redirect. The vulnerability exists because the function redirect
in Common/Grav.php
does not validate the internal route parameter route
and redirect to another location, allowing attackers to provide a malicious route to a location or file.
CPE | Name | Operator | Version |
---|---|---|---|
getgrav/grav | le | 1.6.22 |