CNNVD-202601-2858 Information

CNNVD ID

CNNVD-202601-2858

Related CVE

CVE-2021-47812

• CNNVD Published: 2026-01-16

Description (Chinese)

GravCMS是Grav公司的一个内容管理系统。 GravCMS 1.10.7版本存在安全漏洞，该漏洞源于未经验证写入任意YAML配置，可能导致通过调度程序端点执行PHP代码。

Description (English)

GravCMS is a content management system for Grav. There is a security gap in version 1.10.7 of GravCMS, which stems from the unverified inclusion of any YAML configuration, which could result in the PHP code being implemented through the endpoint of the scheduler.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Grav

Published

2026-01-16

Last Modified

2026-02-24

References

https://getgrav.org https://www.exploit-db.com/exploits/49973 https://www.vulncheck.com/advisories/gravcms-arbitrary-yaml-writeupdate-unauthenticated

Patch

https://getgrav.org/