getgrav Grav CMS 1.7.0 Release Candidate 3
Approved changes feed: RSS · Atom
cpe:2.3:a:getgrav:grav_cms:1.7.0:rc3:*:*:*:*:*:*
part: a version: 1.7.0 update: rc3
| Vendor | Getgrav (a335dd59-994b-520f-884a-04ce57f966e0) |
|---|---|
| Product | Grav Cms (2a54347c-c418-5094-ae32-50ea416319f6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/getgrav/grav |
purl2cpe | 2026-06-01 10:15:21.067782 |
pkg:sourceforge/grav.mirror |
purl2cpe | 2026-06-01 10:15:21.067783 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2020-29556 |
vulnerable | 2026-06-08 05:24:58.393005 |
Details available
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Published: 2021-03-15T17:58:17.000Z
Updated: 2024-08-04T16:55:10.299Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29555 |
vulnerable | 2026-06-08 05:24:58.390731 |
Details available
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Published: 2021-03-15T18:00:01.000Z
Updated: 2024-08-04T16:55:10.524Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-29553 |
vulnerable | 2026-06-08 05:24:58.381541 |
Details available
The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Published: 2021-03-15T18:20:50.000Z
Updated: 2024-08-04T16:55:10.462Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.