Lucene search
GoogleOSV:CVE-2020-29556HistoryMar 15, 2021 - 6:15 p.m.
CVE-2020-29556
2021-03-1518:15:17
Google
osv.dev
5
grav cms
backup functionality
vulnerability
unauthorized file access
path traversal
csrf protection
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Related
osv
osv
CVE-2020-29555
2021-03-15 18:15:17
Grav CMS Cross-Site Request Forgery (CSRF)
2022-05-24 17:44:32
CVE-2020-29553
2021-03-15 19:15:13
github
github
Grav CMS Cross-Site Request Forgery (CSRF)
2022-05-24 17:44:32
Grav CMS Arbitrary File Deletion
2022-05-24 17:44:32
Grav CMS Local File Injection
2022-05-24 17:44:32
prion
prion
Path traversal
2021-03-15 18:15:00
Cross site request forgery (csrf)
2021-03-15 19:15:00
Path traversal
2021-03-15 18:15:00
nvd
nvd
cvelist
cvelist
cve
cve