Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.

N/A

授权机制不恰当

Grav 授权问题漏洞

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 Grav 1.8.0-beta.27之前版本存在授权问题漏洞，该漏洞源于授权检查不当，可能导致表单功能被修改。

N/A

N/A