The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-15T18:20:50
Updated: 2024-08-04T16:55:10.462Z
Reserved: 2020-12-04T00:00:00
Link: CVE-2020-29553
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-03-15T19:15:13.243
Modified: 2021-03-18T15:26:38.057
Link: CVE-2020-29553
Redhat
No data.