EPSS Percentile: 41.2%
getgrav/grav is vulnerable to remote code execution. An authenticated remote attacker can cause server-side template injection via Twig, which by default renders risky functions such as system.
github.com/getgrav/grav/commit/9d6a2dba09fd4e56f5cdfb9a399caea355bfeb83
huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66