Incomplete List of Disallowed Inputs in Grav CMS

#VU77508 Incomplete List of Disallowed Inputs in Grav CMS

Published: 2023-06-19

Vulnerability identifier: #VU77508

Vulnerability risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34252

CWE-ID: CWE-184

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Grav CMS
Web applications / CMS

Vendor: Grav CMS

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to Server-side Template Injection (SSTI) issue in filterFilter. A remote administrator can execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links
http://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Twig/Extension/GravExtension.php#L1692-L1698
http://github.com/getgrav/grav/security/advisories/GHSA-96xv-rmwj-6p9w
http://github.com/getgrav/grav/blob/1.7.40/system/src/Grav/Common/Utils.php#L1956-L2074
http://github.com/getgrav/grav/commit/244758d4383034fe4cd292d41e477177870b65ec

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Grav CMS