CVE-2023-34253
Summary
| CVE | CVE-2023-34253 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-14 23:15:00 UTC |
| Updated | 2023-11-07 04:15:00 UTC |
| Description | Grav is a file-based Web platform. Prior to version 1.7.42, the denylist introduced in commit 9d6a2d to prevent dangerous functions from being executed via injection of malicious templates was insufficient and could be easily subverted in multiple ways -- (1) using unsafe functions that are not banned, (2) using capitalised callable names, and (3) using fully-qualified names for referencing callables. Consequently, a low privileged attacker with login access to Grav Admin panel and page creation/update permissions is able to inject malicious templates to obtain remote code execution. A patch in version 1.7.42 improves the denylist. |
Risk And Classification
Problem Types: CWE-94
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| more SSTI fixes in Utils::isDangerousFunction() · getgrav/grav@71bbed1 · GitHub | MISC | github.com | |
| Server Side Template Injection vulnerability found in grav | MISC | huntr.dev | |
| grav/system/src/Grav/Common/Utils.php at 1.7.40 · getgrav/grav · GitHub | MISC | github.com | |
| Fixed Twig `|filter()` allowing code execution · getgrav/grav@9d6a2db · GitHub | MISC | www.github.com | |
| Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability · Advisory · getgrav/grav · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.