VYPR
Critical severityNVD Advisory· Published Jun 14, 2023· Updated Dec 27, 2024

Grav Server Side Template Injection vulnerability

CVE-2023-34251

Description

Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
getgrav/gravPackagist
< 1.7.421.7.42

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.