CVE-2024-27921
published 2024-03-21CVE-2024-27921: Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version…
PriorityP274high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
60.59%
99.0th percentile
Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| getgrav | grav | < 1.7.45 | 1.7.45 |
| getgrav | grav | >= 0 < 1.7.45 | 1.7.45 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Grav File Upload Path Traversal
ghsa·2024-03-22
CVE-2024-27921 [HIGH] CWE-22 Grav File Upload Path Traversal
Grav File Upload Path Traversal
### Summary
Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing backups or creating new ones, and exfiltrating sensitive data using CSS Injection exfiltration techniques.
### Installation Configuration
- Grav CMS 1.10.44
- Apache web server
- php-8.2
### Details
_**Vulnerable code location:**_ grav/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php/checkFileMetadata() method_
public function checkFileMetadata(array $metadata, string $filename = null, array $settings = null): string
{
// Add
OSV
Grav File Upload Path Traversal
osv·2024-03-22
CVE-2024-27921 [HIGH] Grav File Upload Path Traversal
Grav File Upload Path Traversal
### Summary
Grav is vulnerable to a file upload path traversal vulnerability, that can allow an adversary to replace or create files with extensions such as .json, .zip, .css, .gif, etc. This vulnerabiltiy can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing backups or creating new ones, and exfiltrating sensitive data using CSS Injection exfiltration techniques.
### Installation Configuration
- Grav CMS 1.10.44
- Apache web server
- php-8.2
### Details
_**Vulnerable code location:**_ grav/system/src/Grav/Common/Media/Traits/MediaUploadTrait.php/checkFileMetadata() method_
public function checkFileMetadata(array $metadata, string $filename = null, array $settings = null): string
{
// Add
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmchttps://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc
2024-03-21
Published