Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
Vulnerability Description
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
Grav 授权问题漏洞
Vulnerability Description
Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。 Grav 1.8.0-beta.27之前版本存在授权问题漏洞,该漏洞源于授权检查不当,可能导致表单功能被修改。
CVSS Information
N/A
Vulnerability Type
N/A