Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grav Arbitrary File Read to Account Takeover
Vulnerability Description
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Vulnerability Type
特权管理不恰当
Vulnerability Title
Grav 安全漏洞
Vulnerability Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。 Grav 1.7.46之前版本存在安全漏洞。攻击者利用该漏洞通过重置用户密码以从文件访问密码重置令牌或破解散列密码来危害任何注册帐户并读取 Web 服务器中的任何文件。
CVSS Information
N/A
Vulnerability Type
N/A