Every CVE whose affected-product data names Getgrav Grav Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-29553 — CVSS 8.8 (high): The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious…
CVE-2020-29555 — CVSS 8.1 (high): The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying…
CVE-2018-5233 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject…
CVE-2020-29556 — CVSS 5.5 (medium): The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying…