Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| getgrav/grav(Packagist) | 0 | 1.7.42 | N/A |
CVSS Metrics
