-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from missing CSRF protection in scheduler task execution endpoints. AdminController::taskRunJob is the primary entry point for scheduler job execution in the admin interface, which would typically require CSRF validation(). The Scheduler::runJob function's direct command execution capability becomes dangerous when called without proper authorization checks. While exact code isn't available, Grav's architecture patterns and the vulnerability description strongly suggest these functions as the attack surface.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| getgrav/grav | composer | >= 1.7.0-beta.1, <= 1.7.0-rc.17 | |
| getgrav/grav | composer | < 1.6.30 | 1.6.30 |
Ongoing coverage of React2Shell