CVE-2020-29556

Path Traversal in packagist/getgrav/grav

Identifier

CVE-2020-29556

Package Slug

packagist/getgrav/grav

Vulnerability

Path Traversal

Description

The Backup functionality in Grav CMS allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

Affected Versions

All versions before 1.7.0

Solution

Upgrade to version 1.7.0 or above.

Last Modified

2021-03-25
