Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-66301

Опубликовано: 01 дек. 2025
Источник: nvd
CVSS3: 9.6
EPSS Средний

Описание

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only permissions to change basic content on the form is now able to change the functioning of the form through modifying the content of the data[_json][header][form] which is the YAML frontmatter which includes the process section which dictates what happens after a user submits the form which include some important actions that could lead to further vulnerabilities. This vulnerability is fixed in 1.8.0-beta.27.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
Версия до 1.8.0 (исключая)
cpe:2.3:a:getgrav:grav:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta10:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta11:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta12:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta13:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta14:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta15:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta16:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta17:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta18:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta19:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta20:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta21:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta22:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta23:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta24:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta25:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta26:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta6:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta7:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta8:*:*:*:*:*:*
cpe:2.3:a:getgrav:grav:1.8.0:beta9:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.32399
Средний

9.6 Critical

CVSS3

Дефекты

CWE-285

Связанные уязвимости

github логотип

GHSA-v8x2-fjv7-8hjh

github
17 дней назад

Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions

EPSS

Процентиль: 97%
0.32399
Средний

9.6 Critical

CVSS3

Дефекты

CWE-285