Matias Griese

10 exploits Active since Apr 2021
CVE-2021-29439 WRITEUP HIGH WRITEUP
Grav Admin Plugin < 1.10.11 - Incorrect Authorization Leading to Arbitrary Plugin Installation
The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary code execution primitive and elevate their privileges on the instance. The vulnerability has been addressed in version 1.10.11. As a mitigation blocking access to the `/admin` path from untrusted sources will reduce the probability of exploitation.
CVSS 7.2
CVE-2021-3799 WRITEUP MEDIUM WRITEUP
Grav Admin Plugin < 1.10.20 - Clickjacking via Unrestricted UI Layer Rendering
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVSS 5.4
CVE-2021-3818 WRITEUP MEDIUM WRITEUP
Grav < 1.7.22 - Reliance on Cookies without Validation and Integrity Checking
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
CVSS 5.3
CVE-2021-3904 WRITEUP MEDIUM WRITEUP
Grav < 1.7.24 - Cross-Site Scripting
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2021-3920 WRITEUP MEDIUM WRITEUP
grav-plugin-admin < 1.10.25 - Cross-Site Scripting
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2021-3924 WRITEUP HIGH WRITEUP
Grav < 1.7.24 - Path Traversal
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS 7.5
CVE-2022-0268 WRITEUP MEDIUM WRITEUP
Packagist getgrav/grav <1.7.28 - XSS
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
CVSS 5.4
CVE-2022-0970 WRITEUP MEDIUM WRITEUP
Grav < 1.7.31 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav prior to 1.7.31.
CVSS 5.4
CVE-2022-1173 WRITEUP MEDIUM WRITEUP
Grav < 1.7.33 - Stored Cross-Site Scripting
stored xss in GitHub repository getgrav/grav prior to 1.7.33.
CVSS 5.4
CVE-2023-34448 WRITEUP HIGH WRITEUP
Grav < 1.7.42 - Server-Side Template Injection via Twig map() and reduce() Functions
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.
CVSS 8.8