Описание
Grav CMS Cross-Site Request Forgery (CSRF)
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
>= 1.7.0-beta.1, <= 1.7.0-rc.17
Отсутствует
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
< 1.6.30
1.6.30
Связанные уязвимости
CVSS3: 8.8
nvd
почти 5 лет назад
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).