Exploit for #VU87712 Code Injection in Grav CMS

Published: 2024-04-09 | Updated: 2025-01-17

Vulnerability identifier: #VU87712

Vulnerability risk: Medium

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2024-28116

CWE-ID: CWE-94

Exploitation vector: Network

Exploits in database: 4

January 17, 2025
- GenGravSSTIExploit (is a PoC Python script that exploits an authenticated Server-Side Template Injection (SSTI) vulnerability in Grav CMS versions <= 1.7.44 (CVE-2024-28116)) [Github]
October 11, 2024
- GenGravSSTIExploit [Github]
October 9, 2024
- Grav-CMS-RCE-Authenticated (Exploit against Grav CMS (versions below 1.7.45) that allows Remote Code Execution for an authenticated user - CVE-2024-28116) [Github]
April 9, 2024
- Graver [Github]

Vulnerable software:
Grav CMS
Web applications / CMS

Vendor: Grav CMS