Описание
Grav CMS Local File Injection
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Пакеты
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
>= 1.7.0-beta.1, <= 1.7.0-rc.17
Отсутствует
Наименование
getgrav/grav
composer
Затронутые версииВерсия исправления
< 1.6.30
1.6.30
Связанные уязвимости
CVSS3: 5.5
nvd
почти 5 лет назад
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)