CVE-2024-28116

HIGH

CVSS v3

8.8

HIGH

EPSS Score

57.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.

Technical Details

Published
3/21/2024

Frequently Asked Questions

What is CVE-2024-28116?

Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.

Is CVE-2024-28116 actively exploited?

Active exploitation of CVE-2024-28116 has not been confirmed. The EPSS score is 57.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-28116?

CVE-2024-28116 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2024-28116 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.