Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| getgrav/grav(Packagist) | 0 | 1.7.45 | N/A |
CVSS Metrics
