exploitDog

CVE-2025-50286

Опубликовано: 06 авг. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

Ссылки

https://github.com/binneko/CVE-2025-50286
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:getgrav:grav:1.7.48:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02214

Низкий

8.1 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-wqvw-453m-rjm2

CVSS3: 8.1

github

6 месяцев назад

A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.

EPSS

Процентиль: 84%

0.02214

Низкий

8.1 High

CVSS3

Дефекты

CWE-434