Product

Grav-Plugin-Form

1 brief RSS

Grav Form Plugin Anonymous Page Content Overwrite Vulnerability

Grav Form plugin versions before 9.1.0 allow unauthenticated users to overwrite page content by uploading a malicious markdown file, leading to potential privilege escalation by crafting a new super-admin user.

grav-plugin-form grav cms file-upload privilege-escalation content-overwrite

2r 2t Jan 9, 2024