CVE-2024-28116

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Mar 21, 2024

Updated: Mar 22, 2024

CWE ID 1336

CWE ID 94

Summary

CVE-2024-28116 is a newly disclosed vulnerability affecting Grav, an open-source content management system. This issue is a Server-Side Template Injection (SSTI) vulnerability, which permits authenticated users, including those with editor permissions, to execute arbitrary code on the server. The flaw bypasses the existing security sandbox, posing a significant risk. Grav CMS users are advised to upgrade to version 1.7.45, which contains a patch to remediate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uwNIQc
https://www.cve.org/CVERecord?id=CVE-2024-28116
https://nvd.nist.gov/vuln/detail/CVE-2024-28116

Back to Vulnerability Database

CVE-2024-28116

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations