Grav Fixes Remote Code Execution Vulnerability in Previous Versions
CVE-2024-27923

8.8HIGH

Key Information:

Vendor: Getgrav
Status: Grav
Vendor: CVE Published:; 21 March 2024

What is CVE-2024-27923?

Grav, a popular content management system, has been flagged for a vulnerability that allows users with write permissions to exploit the 'frontmatter' feature. This arises from a lack of adequate permission validation as well as insufficient file name validation. Attackers can potentially execute remote code, compromising the integrity and security of the CMS. The issue has been successfully addressed in version 1.7.43, urging users to update to safeguard their applications.

Affected Version(s)

grav < 1.7.43

References

https://github.com/getgrav/grav/security/advisories/GHSA-...

x_refsource_CONFIRM

https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c...

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2024
Vulnerability Reserved
Feb 28, 2024

JSON

Getgrav

What is CVE-2024-27923?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline