Lucene search
Effectrenan3EF640E6-9E25-4ECB-8EC1-64311D63FE66HistoryApr 07, 2022 - 9:45 p.m.
Server Side Template Injection
2022-04-0721:45:14
effectrenan
www.huntr.dev
14
grav
server side template injection
twig
vulnerability
poc
admin panel
EPSS
0.001
Percentile
41.2%
Description
Grav is vulnerable to Server Side Template Injection via Twig. According to a previous vulnerability report, Twig should not render dangerous functions by default, such as system.
Proof of Concept
Payload:
{{['cat\x20/etc/passwd']|filter('system')}}
- With an authenticated user, access the admin panel.
- Edit a page, enabling Twig in the
Advancedtab. - Put the payload in the content.
- Save and check out the post.
Related
github
github
Code injection in grav
2022-06-30 00:00:29
Grav Server-side Template Injection (SSTI) via Twig Default Filters
2023-06-16 19:37:08
Grav Server-side Template Injection (SSTI) via Twig Default Filters
2023-06-16 19:36:39
osv
osv
Code injection in grav
2022-06-30 00:00:29
CVE-2022-2073
2022-06-29 19:15:09
CVE-2023-34448
2023-06-14 23:15:11
veracode
veracode
Remote Code Execution
2022-06-30 05:21:45
Server-side Template Injection(SSTI)
2023-06-21 07:09:56
prion
prion
Code injection
2022-06-29 19:15:00
Design/Logic Flaw
2023-06-14 23:15:00
cvelist
cvelist
CVE-2022-2073 Code Injection in getgrav/grav
2022-06-29 18:20:11
nvd
nvd
CVE-2022-2073
2022-06-29 19:15:09
CVE-2023-34448
2023-06-14 23:15:11
cve
cve
CVE-2022-2073
2022-06-29 19:15:09
CVE-2023-34448
2023-06-14 23:15:11