
Getgrav Grav vulnerabilities

73 known vulnerabilities affecting getgrav/grav.

Total CVEs: 73
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 31, MEDIUM 34
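The first thing a practitioner wants from a listing like this is to know which entries still apply to a given install. The script below is an added example, not cvebase or Grav code: it reads GRAV_VERSION from system/defines.php (the constant Grav defines there), parses release and beta version strings so that 1.8.0-beta.27 sorts before 1.8.0 and 1.7.49.5 after 1.7.49, and reports each entry on this page as affected, not affected, or lacking a listed fix. Affected ranges are transcribed from the entry descriptions ("prior to 1.8.0-beta.27") rather than the coarser "fixed in 1.8.0" column; the fix version for CVE-2026-42844 is read from its version column and is an assumption; the "prior to 2.0.0-beta.2" entries are applied literally, so a 1.x install is reported as affected by them exactly as the entries are worded and should be confirmed against the advisories. The defines.php excerpt is constructed.

```python
import re

# Added example (not cvebase or Grav code): check an installed Grav version against the
# affected ranges listed on this page.  Each value is (introduced, first_fixed); None means
# the entry gives no bound.  Versions follow the entry descriptions ("prior to 1.8.0-beta.27")
# rather than the coarser "fixed in 1.8.0" column.
ADVISORIES = {
    "CVE-2020-11529": (None, "1.7"),              # open redirect, "before 1.7"
    "CVE-2021-29440": (None, "1.7.11"),
    "CVE-2021-47812": (None, None),               # names GravCMS 1.10.7; no fix listed
    "CVE-2024-27923": (None, "1.7.43"),
    "CVE-2024-27921": (None, "1.7.45"),
    "CVE-2024-28116": (None, "1.7.45"),
    "CVE-2024-28117": (None, "1.7.45"),
    "CVE-2024-28118": (None, "1.7.45"),
    "CVE-2024-28119": (None, "1.7.45"),
    "CVE-2024-34082": (None, "1.7.46"),
    "CVE-2025-50286": (None, None),               # names v1.7.48; no fix listed
    "CVE-2025-66294": ("1.7.48", "1.8.0-beta.27"),
    "CVE-2025-66296": ("1.7.49.5", "1.8.0-beta.27"),
    "CVE-2025-66297": (None, "1.8.0-beta.27"),
    "CVE-2025-66300": (None, "1.8.0-beta.27"),
    "CVE-2025-66301": (None, "1.8.0-beta.27"),
    "CVE-2026-42607": (None, "2.0.0-beta.2"),     # "prior to 2.0.0-beta.2", taken literally
    "CVE-2026-42608": (None, "2.0.0-beta.2"),
    "CVE-2026-42613": (None, "2.0.0-beta.2"),
    "CVE-2026-42844": ("2.0.0-beta.2", "2.0.0"),  # fix version assumed from the version column
}

_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-([A-Za-z]+)\.?(\d+)?)?$")


def parse_version(text):
    """Map '1.7', '1.7.49.5' or '1.8.0-beta.27' to a sortable tuple.

    Numeric parts are zero-padded to four places so '1.7' == '1.7.0.0'; a final
    release (flag 1) sorts after any pre-release (flag 0) of the same number."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    if m.group(2) is None:
        return (*nums, 1, 0)
    return (*nums, 0, int(m.group(3) or 0))


def read_grav_version(defines_php):
    """Pull GRAV_VERSION out of the text of system/defines.php."""
    m = re.search(r"define\(\s*['\"]GRAV_VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]", defines_php)
    if not m:
        raise ValueError("GRAV_VERSION not found in defines.php")
    return m.group(1)


def status(version, introduced, fixed):
    """'affected', 'not-affected', or 'no-fix-listed' for one advisory."""
    v = parse_version(version)
    if introduced is not None and v < parse_version(introduced):
        return "not-affected"
    if fixed is None:
        return "no-fix-listed"
    return "affected" if v < parse_version(fixed) else "not-affected"


def triage(version):
    """Return {cve: status} for every advisory in ADVISORIES."""
    return {cve: status(version, *bounds) for cve, bounds in ADVISORIES.items()}


def open_findings(version):
    """CVE ids that still need a decision for this version."""
    return sorted(c for c, s in triage(version).items() if s != "not-affected")


# Constructed excerpt of system/defines.php for the stand-alone run.
SAMPLE_DEFINES_PHP = "<?php\n// constructed excerpt\ndefine('GRAV_VERSION', '1.7.48');\n"

if __name__ == "__main__":
    installed = read_grav_version(SAMPLE_DEFINES_PHP)
    for cve, s in sorted(triage(installed).items()):
        print(f"{cve:15} {s}")
```

Entries with no listed fix are reported as "no-fix-listed" rather than silently dropped; those need a manual decision, as does anything this page 1 of 4 does not cover.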

Vulnerabilities

Page 1 of 4
CVE-2025-66294 | Priority P2 | HIGH | CVSS 8.8 | PoC available | Affected: ≥ 1.7.48, < 1.8.0 | Fixed: v1.8.0 (+1 more) | Published: 2025-12-01
CWE-94 (Code Injection). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak rege…
Sources: GHSA, NVD, OSV
CVE-2025-50286 | Priority P2 | HIGH | CVSS 8.1 | PoC available | Version: v1.7.48 | Published: 2025-08-06
CWE-434 (Unrestricted File Upload). A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
Sources: NVD
CVE-2026-42607 | Priority P2 | CRITICAL | CVSS 9.1 | PoC available | Fixed in 2.0.0-beta.2 | Published: 2026-05-11
CWE-94 (Code Injection). Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the "Direct Install" tool. While the system attempts to block direct .php file uploads, it fails to inspect the contents of uploaded ZIP archives. Onc…
Sources: GHSA, NVD
CVE-2025-66301 | Priority P2 | CRITICAL | CVSS 9.6 | PoC available | Fixed in 1.8.0: v1.8.0 (+1 more) | Published: 2025-12-01
CWE-285 (Improper Authorization). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][…
Sources: GHSA, NVD, OSV
CVE-2021-29440 | Priority P2 | HIGH | CVSS 7.2 | PoC available | Fixed in 1.7.11 | Published: 2021-04-13
CWE-94 (Code Injection). Grav is a file-based Web platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
Sources: GHSA, NVD, OSV
CVE-2024-27921 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.7.45 | Published: 2024-03-21
CWE-22 (Path Traversal). Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitr…
Sources: GHSA, NVD, OSV
CVE-2024-34082 | Priority P2 | CRITICAL | CVSS 9.9 | Fixed in 1.7.46 | Published: 2024-05-15
CWE-269 (Improper Privilege Management). Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromi…
Sources: GHSA, NVD, OSV
CVE-2021-47812 | Priority P2 | CRITICAL | CVSS 9.8 | Version: v1.10.7 | Published: 2026-01-16
CWE-862 (Missing Authorization). GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.
Sources: NVD
CVE-2026-42613 | Priority P2 | CRITICAL | CVSS 9.4 | Fixed in 2.0.0-beta.2 | Published: 2026-05-11
CWE-20 (Improper Input Validation). Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without server-side validation. When registration is enabled and groups or access are included in the configured allowed fields list, an unauthenticated user c…
Sources: GHSA, NVD
CVE-2025-66297 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.8.0: v1.8.0 (+1 more) | Published: 2025-12-01
CWE-1336 (Template Injection). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig processing in the page frontmatter. By injecting malicious Twig expressions, the user can escalate their privileges to admin or execute arbitrary system commands via the scheduler API. This resu…
Sources: GHSA, NVD, OSV
CVE-2020-11529 | Priority P3 | MEDIUM | CVSS 6.1 | PoC available | Affected: ≤ 1.6.31 | Published: 2020-04-04
CWE-601 (Open Redirect). Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
Sources: GHSA, NVD, OSV
CVE-2024-28119 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.7.45 | Published: 2024-03-21
CWE-94 (Code Injection). Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or ed…
Sources: GHSA, NVD, OSV
CVE-2024-28117 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.7.45 | Published: 2024-03-21
CWE-94 (Code Injection). Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can…
Sources: GHSA, NVD, OSV
CVE-2026-42608 | Priority P2 | CRITICAL | CVSS 9.1 | Fixed in 2.0.0: v2.0.0 (+1 more) | Published: 2026-05-11
CWE-22 (Path Traversal). Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POST requests), an unauthenticated attacker can traverse the filesystem to create arbitrary directories and write an index.yaml file containing attacker-c…
Sources: GHSA, NVD
CVE-2025-66296 | Priority P2 | HIGH | CVSS 8.8 | Affected: ≥ 1.7.49.5, < 1.8.0 | Fixed: v1.8.0 (+1 more) | Published: 2025-12-01
CWE-266 (Incorrect Privilege Assignment). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav's Admin plugin due to the absence of username uniqueness validation when creating users. A user with the create user permission can create a new account using the same username as an existing administrator account, set a new password/email, a…
Sources: GHSA, NVD, OSV
CVE-2024-28116 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.7.45 | Published: 2024-03-21
CWE-94 (Code Injection). Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this i…
Sources: GHSA, NVD, OSV
CVE-2026-42844 | Priority P2 | HIGH | CVSS 8.8 | Versions: v2.0.0, v2.0.0-beta.2 | Published: 2026-05-12
CWE-269 (Improper Privilege Management). Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full administrative compromise of the Grav API. This vulnerabil…
Sources: GHSA, NVD
CVE-2025-66300 | Priority P3 | HIGH | CVSS 8.5 | Fixed in 1.8.0: v1.8.0 (+1 more) | Published: 2025-12-01
CWE-22 (Path Traversal). Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a low-privilege user account with page editing privilege can read any server files using the "Frontmatter" form. This includes Grav user account files (/grav/user/accounts/*.yaml), which store hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise…
Sources: GHSA, NVD, OSV
CVE-2024-27923 | Priority P2 | HIGH | CVSS 8.8 | Fixed in 1.7.43 | Published: 2024-03-21
CWE-287 (Improper Authentication). Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.
Sources: GHSA, NVD, OSV
CVE-2024-28118 | Priority P3 | HIGH | CVSS 8.8 | Fixed in 1.7.45 | Published: 2024-03-21
CWE-94 (Code Injection). Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from Grav context, an attacker can redefine config variable. As a result, attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative us…
Sources: GHSA, NVD, OSV
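Six of the entries above (CVE-2021-29440, CVE-2024-28116 through CVE-2024-28119, and CVE-2025-66297) share one precondition: a page whose frontmatter turns on Twig processing, after which the unsandboxed (or incompletely sandboxed) Twig engine runs attacker-written expressions. The scanner below is an added example, not Grav or cvebase code, for hunting such pages in a Grav tree. It splits each page into frontmatter and body, flags `twig_first: true` or `process:` with `twig: true` (the page-header keys assumed here to enable Twig), and searches for constructs the entries name: `twig_array_map`, reaching the Twig extension object through the Grav context (the `grav.twig` access path is an assumption), and references to user/accounts/*.yaml, plus generic PHP execution functions. The sample pages are constructed; a hit is a triage lead, not confirmation of compromise.

```python
import os
import re

# Added example (not Grav or cvebase code): find Grav pages whose frontmatter enables Twig
# processing, the precondition shared by the Twig SSTI entries on this page, and flag the
# constructs those entries name.  Header keys assumed from Grav's page-header format:
# `twig_first: true`, or `process:` with `twig: true` (block or inline form).
FRONTMATTER = re.compile(r"\A---[ \t]*\n(.*?)\n---[ \t]*\n?(.*)\Z", re.S)
TWIG_FIRST = re.compile(r"^[ \t]*twig_first:[ \t]*true\b", re.M | re.I)
PROCESS_INLINE = re.compile(r"^[ \t]*process:[ \t]*\{[^}]*\btwig:[ \t]*true\b", re.M | re.I)
PROCESS_BLOCK = re.compile(r"^process:[ \t]*\n((?:[ \t]+\S.*\n?)+)", re.M)
TWIG_TRUE = re.compile(r"^[ \t]+twig:[ \t]*true\b", re.M | re.I)

# Indicators drawn from the entries above.  Exact attacker spelling varies, so a hit is a
# triage lead, not proof.  `grav.twig` as the path to the Twig extension is an assumption.
INDICATORS = {
    "twig_array_map": re.compile(r"\btwig_array_map\s*\(", re.I),                  # CVE-2024-28117
    "twig-extension-access": re.compile(r"\bgrav\.twig\b", re.I),                 # CVE-2024-28118/28119
    "account-file-reference": re.compile(r"user/accounts/[^'\"\s]*\.yaml", re.I),  # CVE-2024-34082, CVE-2025-66300
    "php-exec-function": re.compile(r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
}


def twig_enabled(header):
    """True if the frontmatter turns on Twig processing for the page body."""
    if TWIG_FIRST.search(header) or PROCESS_INLINE.search(header):
        return True
    block = PROCESS_BLOCK.search(header)
    return bool(block and TWIG_TRUE.search(block.group(1)))


def scan_page(text):
    """Return (twig_enabled, sorted indicator names) for one page's raw markdown."""
    m = FRONTMATTER.match(text)
    header, body = (m.group(1), m.group(2)) if m else ("", text)
    hits = sorted(name for name, rx in INDICATORS.items()
                  if rx.search(body) or rx.search(header))
    return twig_enabled(header), hits


def classify(enabled, hits):
    """HIGH: Twig on and an indicator present; REVIEW: Twig on; INFO: indicator only."""
    if enabled and hits:
        return "HIGH"
    if enabled:
        return "REVIEW"
    return "INFO" if hits else "OK"


def scan_tree(root):
    """Walk a Grav user/pages directory and yield (path, level, hits) for every page not OK."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".md"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                enabled, hits = scan_page(fh.read())
            level = classify(enabled, hits)
            if level != "OK":
                yield path, level, hits


# Constructed sample pages so the script runs without a Grav install.
SAMPLES = {
    "about/default.md": "---\ntitle: About\n---\n# About us\nPlain markdown only.\n",
    "team/default.md": "---\ntitle: Team\ntwig_first: true\n---\nHello {{ page.title }}\n",
    "tools/default.md": ("---\ntitle: Tools\nprocess:\n    markdown: true\n    twig: true\n---\n"
                         "{{ twig_array_map(items, 'upper') }}\n"),
}


def scan_samples():
    """Classify each constructed sample page; used by the stand-alone run below."""
    return {name: classify(*scan_page(text)) for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, level in scan_samples().items():
        print(f"{level:6} {name}")
```

On a live install, point scan_tree at user/pages and review every REVIEW page's author and modification time against the admin audit trail; the Twig switch itself is a legitimate feature, so the question is who enabled it and what the body does with it.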