GCVE - cpe:2.3:a:getgrav:grav_cms:1.7.0:beta4:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:getgrav:grav_cms:1.7.0:beta4:*:*:*:*:*:*

part: a version: 1.7.0 update: beta4

Vendor	Getgrav (`a335dd59-994b-520f-884a-04ce57f966e0`)
Product	Grav Cms (`2a54347c-c418-5094-ae32-50ea416319f6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/getgrav/grav`	purl2cpe	2026-06-01 10:15:21.067713
`pkg:sourceforge/grav.mirror`	purl2cpe	2026-06-01 10:15:21.067715

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-29556`	vulnerable	2026-06-08 05:24:58.392123	Details available The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) Published: 2021-03-15T17:58:17.000Z Updated: 2024-08-04T16:55:10.299Z Open on db.gcve.eu Reference links https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-29555`	vulnerable	2026-06-08 05:24:58.386139	Details available The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.) Published: 2021-03-15T18:00:01.000Z Updated: 2024-08-04T16:55:10.524Z Open on db.gcve.eu Reference links https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-29553`	vulnerable	2026-06-08 05:24:58.370901	Details available The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF). Published: 2021-03-15T18:20:50.000Z Updated: 2024-08-04T16:55:10.462Z Open on db.gcve.eu Reference links https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.