Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
&color=brightgreen)
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
- https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh
- https://github.com/NaInSec/CVE-LIST
- https://github.com/akabe1/Graver
- https://github.com/geniuszly/GenGravSSTIExploit
- https://github.com/geniuszlyy/GenGravSSTIExploit
- https://github.com/gunzf0x/Grav-CMS-RCE-Authenticated
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/tanjiti/sec_profile