CVE-2025-50286 Information
Aug 07, 2025
Description
A Remote Code Execution (RCE) vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access.
Reference
http://grav.com
https://github.com/binneko
https://github.com/binneko/CVE-2025-50286
Related CNNVD
CNNVD-202508-596 (Published: 2025-08-06)