CVE-2020-11529
MEDIUM NUCLEIGrav < 1.7 - Open Redirect via Common/Grav.php
Title source: llmExploitation Summary
CVE-2020-11529 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
Nuclei Templates (1)
Grav < 1.7 - Open Redirect
MEDIUMby 0x_Akoko
References (3)
Core 3
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/getgrav/grav/commit/2eae104c7a4bf32bc26cb8073d5c40464bfda3f7
Release Notes, Vendor Advisory x_refsource_misc
https://getgrav.org/#changelog
Third Party Advisory x_refsource_misc
https://github.com/getgrav/grav/issues/3134
Scores
CVSS v3
6.1
EPSS
0.1088
EPSS Percentile
95.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (2)
getgrav/grav
< 1.6.31
getgrav/grav
0 - 1.6.23Packagist
Published
Apr 04, 2020
Tracked Since
Feb 18, 2026