CNNVD-202512-029 Information

CNNVD ID

CNNVD-202512-029

CVE-2025-66296

  • CNNVD Published: 2025-12-01

Description (Chinese)

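Grav is an extensible CMS (content management system) from the open-source Grav project, used for personal blogs, small content publishing platforms and single-page product showcases. Grav versions before 1.8.0-beta.27 contain a security vulnerability that stems from missing username uniqueness validation when creating a user, which may lead to privilege escalation.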

Description (English)

Grav is an extensible open-source CMS (Content Management System) for personal blogs, small content publishing platforms and single-page product presentations. Versions of Grav before 1.8.0-beta.27 have a security vulnerability that stems from the lack of username uniqueness validation when creating a user, which could lead to privilege escalation.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Grav

Published

2025-12-01

Last Modified

2026-02-24

References

https://github.com/getgrav/grav/commit/3462d94d575064601689b236508c316242e15741

https://github.com/getgrav/grav/security/advisories/GHSA-cjcp-qxvg-4rjm

https://access.redhat.com/security/cve/cve-2025-66296

Patch

https://getgrav.org/downloads
