Exploit for #VU52363 Code Injection in Grav CMS

Exploit for #VU52363 Code Injection in Grav CMS

Published: 2021-06-06 | Updated: 2021-06-17

Vulnerability identifier: #VU52363

Vulnerability risk: Medium

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-29440

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 2

June 17, 2021
- Grav CMS 1.7.10 - Server-Side Template Injection (SSTI) (Authenticated) [Exploit-DB]
June 6, 2021
- CVE-2021-29440 (Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10) [Github]

Impact: Code execution

Vulnerable software:
Grav CMS
Web applications / CMS

Vendor: Grav CMS