Grav Exposure

CMS
Exposure score: 43
Sites using it: 747
Being exploited: 0
Critical: 3

CVEs

45 results
CVE-2024-27921 | HIGH | Grav File Upload Path Traversal vulnerability | EPSS 60.6%
CVE-2021-29440 | HIGH | Twig allowing dangerous PHP functions by default | EPSS 30.6%
CVE-2024-28116 | HIGH | Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass | EPSS 5.8%
CVE-2023-34448 | HIGH | Grav Server-side Template Injection (SSTI) via Twig Default Filters | EPSS 4.5%
CVE-2026-42607 | CRITICAL | Grav: Remote Code Execution (RCE) via Malicious Plugin ZIP Upload in Direct Install Feature | EPSS 3.9%
CVE-2024-34082 | HIGH | Grav Arbitrary File Read to Account Takeover | EPSS 3.1%
CVE-2025-66294 | HIGH | Grav is vulnerable to RCE via SSTI through Twig Sandbox Bypass | EPSS 2.6%
CVE-2023-34251 | CRITICAL | Grav Server Side Template Injection vulnerability | EPSS 2.3%
CVE-2023-37897 | HIGH | Server-side Template Injection (SSTI) in grav | EPSS 2.3%
CVE-2023-34252 | HIGH | Grav Server-side Template Injection via Insufficient Validation in filterFilter | EPSS 2.1%
CVE-2023-34253 | HIGH | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass | EPSS 2.1%
CVE-2024-28119 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) via Twig escape handler | EPSS 1.6%
CVE-2024-28117 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) | EPSS 1.4%
CVE-2024-27923 | HIGH | Remote Code Execution by uploading a phar file using frontmatter | EPSS 1.4%
CVE-2025-66301 | HIGH | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | EPSS 1.2%
CVE-2024-28118 | HIGH | Grav vulnerable to Server Side Template Injection (SSTI) | EPSS 1.2%
CVE-2026-42613 | CRITICAL | Grav: Privilege Escalation via Missing Server-Side Validation of groups/access | EPSS 0.9%
CVE-2025-66297 | HIGH | Grav vulnerable to Privilege Escalation and Authenticated Remote Code Execution via Twig Injection | EPSS 0.7%
CVE-2023-34452 | MEDIUM | Grav vulnerable to Self Cross Site Scripting in /forgot_password | EPSS 0.6%
CVE-2026-42608 | HIGH | Grav: Unauthenticated Path Traversal & Arbitrary File Write in FormFlash component. | EPSS 0.5%
