VYPR

grav-plugin-admin

by Grav CMS

CVEs (4)

  • CVE-2021-21425 | Critical | Apr 7, 2021
    risk 0.70 | cvss 9.3 | epss 0.80

    Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method…

  • CVE-2021-3920 | Medium | Nov 19, 2021
    risk 0.00 | cvss 5.4 | epss 0.01

    grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CVE-2021-3799 | Medium | Sep 27, 2021
    risk 0.00 | cvss 5.4 | epss 0.02

    grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames

  • CVE-2021-29439 | High | Apr 13, 2021
    risk 0.00 | cvss 7.2 | epss 0.03

    The Grav admin plugin prior to version 1.10.11 does not correctly verify caller's privileges. As a consequence, users with the permission `admin.login` can install third-party plugins and their dependencies. By installing the right plugin, an attacker can obtain an arbitrary…