Multiple vulnerabilities in Grav CMS



Published: 2023-06-19
Risk: Low
Patch available: Yes
Number of vulnerabilities: 7
CVE-ID: CVE-2023-30592, CVE-2023-30593, CVE-2023-30594, CVE-2023-34253, CVE-2023-34448, CVE-2023-34252, CVE-2023-34251
CWE-ID: CWE-94, CWE-20, CWE-184
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #7 is available.
Vulnerable software: Grav CMS (Web applications / CMS)

Vendor: Grav CMS

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU77510

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30592

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in the Utils::isDangerousFunction() function. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Code Injection

EUVDB-ID: #VU77511

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30593

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in the Utils::isDangerousFunction() function. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code Injection

EUVDB-ID: #VU77512

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-30594

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in the Utils::isDangerousFunction() function. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Code Injection

EUVDB-ID: #VU77513

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34253

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue caused by a denylist bypass. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/getgrav/grav/security/advisories/GHSA-j3v8-v77f-fvgm


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU77509

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34448

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in the Twig Default Filters. A remote administrator can pass specially crafted input to the application and execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148
http://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8
http://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83
http://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8
http://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incomplete List of Disallowed Inputs

EUVDB-ID: #VU77508

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34252

CWE-ID: CWE-184 - Incomplete List of Disallowed Inputs

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in filterFilter. A remote administrator can execute arbitrary code on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links

http://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698
http://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w
http://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074
http://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Code Injection

EUVDB-ID: #VU77507

Risk: Low

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-34251

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a Server-Side Template Injection (SSTI) issue in the admin screen. A remote administrator can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Grav CMS: 1.7.41.1

External links

http://github.com/getgrav/grav/security/advisories/GHSA-f9jf-4cp4-4fq5
http://github.com/getgrav/grav/blob/develop/system/src/Grav/Common/Twig/Extension/GravExtension.php#L174
http://github.com/getgrav/grav/commit/9d01140a63c77075ef09b26ef57cf186138151a5


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
