Tag
high
advisory
Grav File Cache Insecure Deserialization Vulnerability
2 rules 2 TTPs
Grav versions 1.7.44 through 1.7.49.5 are vulnerable to insecure deserialization in the File Cache component, where the `unserialize` function with `allowed_classes => true` can lead to arbitrary code execution if an attacker tampers with cache files.
grav
insecure-deserialization
code-execution
web-application
critical
advisory
Grav Login Plugin Privilege Escalation Vulnerability
2 rules 1 TTP 1 IOC
Unauthenticated users can escalate privileges to admin in Grav CMS by manipulating registration data due to missing server-side validation in the Login plugin.
Login Plugin +2
grav
privilege-escalation
web
high
advisory
Grav API Plugin Privilege Escalation Vulnerability
2 rules 1 TTP
A privilege escalation vulnerability in the Grav API plugin allows authenticated users with basic API access to elevate their privileges to Super Administrator, leading to full system compromise and potential remote code execution.
grav-plugin-api
privilege-escalation
web-application
grav