VYPR
High severityNVD Advisory· Published Mar 15, 2021· Updated Aug 4, 2024

CVE-2020-29555

CVE-2020-29555

Description

The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
getgrav/gravPackagist
>= 1.7.0-beta.1, <= 1.7.0-rc.17
getgrav/gravPackagist
< 1.6.301.6.30

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.