CVE-2020-29555

Path Traversal in packagist/getgrav/grav

Identifier

CVE-2020-29555

Package Slug

packagist/getgrav/grav

Vulnerability

Path Traversal

Description

The BackupDelete functionality in Grav CMS allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

Affected Versions

All versions before 1.7.0

Solution

Upgrade to version 1.7.0 or above.

Last Modified

2021-03-25
