Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains a fix for this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-14T21:31:31.908Z

Updated: 2024-08-02T16:01:54.348Z

Reserved: 2023-05-31T13:51:51.174Z

Link: CVE-2023-34251

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-06-14T22:15:09.333

Modified: 2024-11-21T08:06:51.773

Link: CVE-2023-34251

cve-icon Redhat

No data.