Vendor
critical
threat
Grav CMS Multiple RCE Vulnerabilities
3 rules, 2 TTPs
Multiple critical and high severity remote code execution vulnerabilities exist in Grav CMS due to unsafe unserialize functions, command injection in git clone, and an SSTI blocklist bypass, impacting versions prior to 2.0.0-beta.2.
Grav CMS +1
rce
unserialize
command-injection
ssti
critical
advisory
Grav Login Plugin Privilege Escalation Vulnerability
2 rules, 1 TTP, 1 IOC
Unauthenticated users can escalate privileges to admin in Grav CMS by manipulating registration data due to missing server-side validation in the Login plugin.
Login Plugin +2
grav
privilege-escalation
web