CNNVD-202508-596 Information

CNNVD ID

CNNVD-202508-596

CVE-2025-50286

  • CNNVD Published: 2025-08-06

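Description (Chinese, translated)

Grav CMS is an open-source, file-based flat-file content management system from Grav. Grav CMS v1.7.48 contains a security vulnerability that stems from allowing an authenticated administrator to upload a malicious plugin through the admin/tools/direct-install interface, which may lead to remote code execution.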

Description (English)

Grav CMS is a file-based, flat-file content management system. Grav CMS v1.7.48 contains a vulnerability that allows an authenticated administrator to upload a malicious plugin via the admin/tools/direct-install interface, which may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Grav

Published

2025-08-06

Last Modified

2026-02-24

References

  • https://github.com/binneko/CVE-2025-50286
  • http://grav.com
  • https://www.exploit-db.com/exploits/52402
  • https://access.redhat.com/security/cve/cve-2025-50286

Patch

https://github.com/getgrav/grav/releases
