CVE-2021-47812

CRITICAL

GravCMS 1.10.7 - Unauthenticated Arbitrary YAML Write and PHP Execution via Scheduler Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47812. PoCs published by legend.

AI-analyzed exploit summary This exploit targets GravCMS 1.10.7 by leveraging an unauthenticated arbitrary YAML write vulnerability to achieve remote code execution (RCE). It uses a crafted scheduler task to execute a base64-encoded reverse shell payload via PHP's `eval` function.

Description

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.

Exploits (1)

exploitdb WORKING POC VERIFIED
by legend · pythonwebappsphp
https://www.exploit-db.com/exploits/49973

This exploit targets GravCMS 1.10.7 by leveraging an unauthenticated arbitrary YAML write vulnerability to achieve remote code execution (RCE). It uses a crafted scheduler task to execute a base64-encoded reverse shell payload via PHP's `eval` function.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: GravCMS 1.10.7
No auth needed
Prerequisites: Target must be running GravCMS 1.10.7 · Admin panel must be accessible · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.0199
EPSS Percentile 78.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-862
Status published
Products (2)
getgrav/grav 1.10.7
Getgrav/GravCMS 1.10.7
Published Jan 16, 2026
Tracked Since Feb 18, 2026