Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass
Vulnerability Description
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Server-Side Template Injection (SSTI) vulnerability exists in Grav that allows authenticated attackers with editor permissions to execute arbitrary commands on the server and, under certain conditions, may also be exploited by unauthenticated attackers. This vulnerability stems from weak regex validation in the cleanDangerousTwig method. This vulnerability is fixed in 1.8.0-beta.27.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Grav 安全漏洞
Vulnerability Description
Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。 Grav 1.8.0-beta.27之前版本存在安全漏洞,该漏洞源于cleanDangerousTwig方法正则表达式验证不足,可能导致服务器端模板注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A