CVE-2021-21425

Summary

CVE	CVE-2021-21425
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-04-07 19:15:00 UTC
Updated	2022-10-24 20:56:00 UTC
Description	Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Getgrav	Grav-plugin-admin	All	All	All	All

References

Reference	Source	Link	Tags
GravCMS 1.10.7 Remote Command Execution ≈ Packet Storm	MISC	packetstormsecurity.com
GravCMS 1.10.7 Remote Command Execution ≈ Packet Storm	MISC	packetstormsecurity.com
Unauthenticated Arbitrary YAML Write/Update leads to Code Execution · Advisory · getgrav/grav-plugin-admin · GitHub	CONFIRM	github.com
Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution – Pentest Blog	MISC	pentest.blog
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.