#VU77509 Input validation error in Grav CMS - CVE-2023-34448

Cybersecurity Help s.r.o.

Published: 2023-06-19

Vulnerability identifier: #VU77509

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-34448

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Grav CMS
Web applications / CMS

Vendor: Grav CMS

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to Server-side Template Injection (SSTI) issue in the Twig Default Filters. A remote administrator can pass specially crafted input to the application and execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Grav CMS: 1.7.0 - 1.7.40

External links
https://github.com/twigphp/Twig/blob/v1.44.7/src/Environment.php#L148
https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8
https://www.github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83
https://github.com/getgrav/grav/commit/8c2c1cb72611a399f13423fc6d0e1d998c03e5c8
https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Grav CMS