ID:10859 - Exploit for Improper access control in Grav Admin Plugin - CVE-2021-21425
Published: November 15, 2024
Grav Admin Plugin
Vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote attacker can execute some methods of the administrator controller without any credentials, leading to arbitrary YAML file creation or modification of the contents of existing YAML files on the system.