Platform
php
Component
grav
Fixed in
1.7.46
A critical path traversal vulnerability has been identified in Grav CMS versions prior to 1.7.45. The flaw allows attackers to upload files with arbitrary extensions to locations outside the intended upload directory, overwriting existing files or creating new ones. Successful exploitation can lead to code injection, data exfiltration via CSS exfiltration, and tampering with backup files. The vulnerability is resolved by upgrading to version 1.7.45.
The impact of this path traversal vulnerability is significant. Because the uploaded filename is neither confined to the upload directory nor restricted to safe extensions, an attacker who can reach the upload functionality can write files such as .json, .zip, or .css to locations of their choosing. Overwriting configuration or other server files can lead to code injection and potentially remote code execution. A planted .css file can carry CSS exfiltration rules (attribute selectors that request attacker-controlled URLs depending on page content), a data-theft technique that involves no server-side code execution and is therefore easy to miss for a web application firewall tuned to script uploads. Overwriting or replacing backup files also threatens data integrity and recovery. This is especially concerning given Grav CMS's popularity as a flat-file CMS that is often deployed with few additional security controls.
CVE-2024-27921 was publicly disclosed on March 21, 2024. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Public proof-of-concept (PoC) code is not widely available, but the vulnerability's nature makes it likely that PoCs will emerge if it remains unpatched in exposed deployments.
Websites and applications relying on Grav CMS versions prior to 1.7.45 are at risk. This includes developers and system administrators who manage Grav CMS installations, particularly those using the default file upload functionality without implementing additional security measures. Shared hosting environments utilizing Grav CMS are also at increased risk due to the potential for cross-site contamination.
• linux / server: Monitor web server access logs for upload requests that carry unexpected extensions (e.g., .json, .zip, .css). Use grep to search for upload paths followed by such extensions; the pattern below uses extended regex so the alternation and word boundary work as intended.
grep -Ei '/uploads/[^ "]*\.(json|zip|css|yaml)\b' /var/log/apache2/access.log
• generic web: Use curl to submit test uploads with various extensions to the upload endpoint and observe the server's response (adjust the form field name and endpoint to your site). Look for successful uploads of unexpected file types.
curl -F 'file=@test.json' https://your-grav-site.com/uploads
• php: Review the Grav CMS media configuration for insecure settings or missing validation. The allowed upload types are defined in system/config/media.yaml and overridden per site in user/config/media.yaml; check that only the types your site actually needs are listed and that no script or configuration types have been added.
disclosure
Exploit status
EPSS
8.77% (92nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-27921 is to upgrade Grav CMS to version 1.7.45 or later immediately. If upgrading is not immediately feasible, enforce strict server-side validation of uploaded filenames: strip any directory component, accept only an explicit allowlist of extensions, and verify that the resolved target path still lies inside the upload directory. Web application firewalls (WAFs) can be configured with rules to block requests whose filenames contain traversal sequences (such as "../") or unexpected extensions. Regularly review and audit file upload processes to identify and address potential weaknesses. After upgrading, confirm the fix by attempting to upload a file with a restricted extension (e.g., .php) and a filename containing "../", and verifying that both uploads are rejected.
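The following PHP snippet is an added example, not code from Grav or from this advisory. It shows the filename handling behind an upload endpoint in a vulnerable form (client-supplied name used verbatim, denylist of script extensions only) next to a hardened form that applies the mitigation described above: directory components dropped, extension allowlisted, stem reduced to a safe character set, and the resolved path checked against the upload directory. The function names, the upload directory, the allowlist and the sample filenames are assumptions chosen for the demonstration; it requires PHP 8 for str_contains and str_starts_with.

```php
<?php
// Added example (not Grav's code): vulnerable vs. hardened upload filename handling.
// Assumptions: PHP 8+, uploads belong under $uploadDir, and only a small
// allowlist of extensions is acceptable for this endpoint.
declare(strict_types=1);

/**
 * Vulnerable: trusts the client-supplied name and only denylists script
 * extensions. "../" in the name escapes $uploadDir, and names such as
 * site.yaml, backup.zip or theme.css pass through unchanged.
 */
function vulnerableTargetPath(string $uploadDir, string $clientName): string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'phtml', 'phar'], true)) {
        throw new RuntimeException("extension '$ext' is blocked");
    }
    return $uploadDir . '/' . $clientName;   // e.g. uploads/../../user/config/site.yaml
}

/**
 * Hardened: reject NUL bytes, drop every directory component, require an
 * allowlisted extension, reduce the stem to a safe character set, and
 * verify that the resolved target still lies inside the upload directory.
 */
function safeTargetPath(string $uploadDir, string $clientName, array $allowedExt): string
{
    if (str_contains($clientName, "\0")) {
        throw new RuntimeException('NUL byte in filename');
    }
    // Normalising backslashes first means basename() also strips Windows-style "..\" parts.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowedExt, true)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // Only the part after the last dot is the extension; earlier dots
    // (evil.php.jpg) are folded into the stem, so no second extension survives.
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($base, PATHINFO_FILENAME));
    if ($stem === null || trim($stem, '_') === '') {
        throw new RuntimeException('empty filename');
    }
    $realDir = realpath($uploadDir);
    if ($realDir === false || !is_dir($realDir)) {
        throw new RuntimeException('upload directory does not exist');
    }
    $target = $realDir . DIRECTORY_SEPARATOR . $stem . '.' . $ext;
    // Defence in depth: the final path must still be prefixed by the upload directory.
    if (!str_starts_with($target, $realDir . DIRECTORY_SEPARATOR)) {
        throw new RuntimeException('path escapes upload directory');
    }
    return $target;   // safe to pass to move_uploaded_file($_FILES['file']['tmp_name'], $target)
}

// Demo with constructed filenames (assumed inputs, not taken from any real attack).
$allowed   = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
$uploadDir = sys_get_temp_dir() . '/grav-upload-demo';
if (!is_dir($uploadDir) && !mkdir($uploadDir, 0700, true)) {
    exit("cannot create $uploadDir\n");
}

$samples = ['photo.PNG', '../../user/config/site.yaml', 'backup.zip', 'evil.php.jpg'];
foreach ($samples as $name) {
    try {
        $vuln = vulnerableTargetPath($uploadDir, $name);
    } catch (RuntimeException $e) {
        $vuln = 'rejected: ' . $e->getMessage();
    }
    try {
        $safe = safeTargetPath($uploadDir, $name, $allowed);
    } catch (RuntimeException $e) {
        $safe = 'rejected: ' . $e->getMessage();
    }
    printf("%-30s vulnerable: %s\n", $name, $vuln);
    printf("%-30s hardened:   %s\n", '', $safe);
}
```

Run it with `php upload-check.php` (any filename will do). The vulnerable function happily returns a path that climbs out of the upload directory for the site.yaml sample and accepts backup.zip, which is exactly the behaviour the advisory describes; the hardened function rejects both, keeps only the final extension of evil.php.jpg, and normalises photo.PNG to photo.png inside the upload directory. In a real Grav deployment the allowlist should match the media types configured in media.yaml rather than the hard-coded list used here.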
Upgrade Grav to version 1.7.45 or later. This version contains the fix for the path traversal vulnerability in file uploads. The update can be performed through the Grav admin panel or from the command line with bin/gpm selfupgrade.
CVE-2024-27921 is a path traversal vulnerability affecting Grav CMS versions prior to 1.7.45, allowing attackers to manipulate file uploads and potentially inject malicious code.
You are affected if you are using a Grav CMS version earlier than 1.7.45. Upgrade to version 1.7.45 or later to resolve the vulnerability.
The recommended fix is to upgrade Grav CMS to version 1.7.45 or later. If an immediate upgrade is not possible, implement temporary workarounds such as restricting the allowed upload types and rejecting filenames that contain directory components.
While no confirmed active exploitation campaigns have been reported, the vulnerability's public disclosure increases the risk of exploitation.
Refer to the Grav CMS security advisory for detailed information and updates: [https://grav.0x.ninja/security/2024-03-21-path-traversal](https://grav.0x.ninja/security/2024-03-21-path-traversal)