WEB APPLICATION VULNERABILITIES Standard & Premium

Grav CMS Unauthenticated RCE (CVE-2021-21425)

Description

Acunetix has detected that the web application is based on Grav CMS. Grav Admin Plugin has a vulnerability that allows an unauthenticated user to execute some methods of administrator controller without needing any credentials. An attacker can use it to achieve RCE on the server.

Remediation

Upgrade to the latest version of Grav CMS

References

GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution

Related Vulnerabilities

MyBB Other Vulnerability (CVE-2007-0622)

MongoDb Improper Certificate Validation Vulnerability (CVE-2023-1409)

MySQL CVE-2018-2782 Vulnerability (CVE-2018-2782)

Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-1318)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2016-2098)

Severity

High

Classification

CVE-2021-21425 CWE-284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities