CNNVD-202512-020 Information

CNNVD ID

CNNVD-202512-020

Related CVE

CVE-2025-66300

• CNNVD Published: 2025-12-01

Description (Chinese)

Grav是Grav开源的一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS（内容管理系统）。 Grav 1.8.0-beta.27之前版本存在路径遍历漏洞，该漏洞源于低权限用户可读取服务器文件，可能导致账户泄露。

Description (English)

Grav is an extended set of CMS (Content Management System) for personal blogs, small content distribution platforms and single-page product presentations. Grav 1.8.0-beta.27 had a path-to-way loophole, which originated in low-permit user-accessible server files and could lead to an account leak.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Grav

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/getgrav/grav/security/advisories/GHSA-p4ww-mcp9-j6f2 https://github.com/getgrav/grav/commit/ed640a13143c4177af013cf001969ed2c5e197ee https://access.redhat.com/security/cve/cve-2025-66300

Patch

https://getgrav.org/downloads