Home > Vulnerability Database > CVE-2024-27923

Mend.io Vulnerability Database

CVE-2024-27923

Date: March 6, 2024

Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the "frontmatter" feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.

Severity Score

8.8

Related Resources (5)

Url: https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07

Url: https://github.com/getgrav/grav

Url: https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27923

Url: https://www.mend.io/vulnerability-database/CVE-2024-27923

Severity Score

8.8

Weakness Type (CWE)

Improper Authentication

CWE-287

Unrestricted Upload of File with Dangerous Type

CWE-434

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27923

Date: March 6, 2024

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?