CVE-2024-28116

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 21, 2024

Updated: Jan 2, 2025

CWE ID 1336

CWE ID 94

Summary

CVE-2024-28116 is a newly identified vulnerability affecting the open-source Grav content management system. This issue allows authenticated users, including those with editor permissions, to execute arbitrary code on the server through a Server-Side Template Injection (SSTI) vulnerability. Grav CMS versions prior to 1.7.45 are susceptible to this exploit, which can bypass the existing security sandbox. The latest release, version 1.7.45, includes a patch to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Getgrav Grav

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uwNIQc
https://www.cve.org/CVERecord?id=CVE-2024-28116
https://nvd.nist.gov/vuln/detail/CVE-2024-28116

Back to Vulnerability Database

CVE-2024-28116

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations