The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)

| Software | From | Fixed in |
|---|---|---|
| getgrav / grav_cms | 1.7.0-beta8 | 1.7.0-beta8.x |
| getgrav / grav_cms | 1.7.0-beta9 | 1.7.0-beta9.x |
| getgrav / grav_cms | 1.7.0-beta10 | 1.7.0-beta10.x |
| getgrav / grav_cms | 1.7.0-rc1 | 1.7.0-rc1.x |
| getgrav / grav_cms | 1.7.0-rc2 | 1.7.0-rc2.x |
| getgrav / grav_cms | 1.7.0-rc3 | 1.7.0-rc3.x |
| getgrav / grav_cms | 1.7.0-rc4 | 1.7.0-rc4.x |
| getgrav / grav_cms | 1.7.0-rc5 | 1.7.0-rc5.x |
| getgrav / grav_cms | 1.7.0-rc6 | 1.7.0-rc6.x |
| getgrav / grav_cms | 1.7.0-rc7 | 1.7.0-rc7.x |
| getgrav / grav_cms | 1.7.0-rc8 | 1.7.0-rc8.x |
| getgrav / grav_cms | 1.7.0-rc9 | 1.7.0-rc9.x |
| getgrav / grav_cms | 1.7.0-rc10 | 1.7.0-rc10.x |
| getgrav / grav_cms | 1.7.0-rc11 | 1.7.0-rc11.x |
| getgrav / grav_cms | 1.7.0-rc12 | 1.7.0-rc12.x |
| getgrav / grav_cms | 1.7.0-rc13 | 1.7.0-rc13.x |
| getgrav / grav_cms | 1.7.0-rc14 | 1.7.0-rc14.x |
| getgrav / grav_cms | 1.7.0-rc15 | 1.7.0-rc15.x |
| getgrav / grav_cms | 1.7.0-rc16 | 1.7.0-rc16.x |
| getgrav / grav_cms | 1.7.0-rc17 | 1.7.0-rc17.x |
| getgrav / grav_cms | 1.7.0-beta1 | 1.7.0-beta1.x |
| getgrav / grav_cms | 1.7.0-beta2 | 1.7.0-beta2.x |
| getgrav / grav_cms | 1.7.0-beta3 | 1.7.0-beta3.x |
| getgrav / grav_cms | 1.7.0-beta4 | 1.7.0-beta4.x |
| getgrav / grav_cms | 1.7.0-beta5 | 1.7.0-beta5.x |
| getgrav / grav_cms | 1.7.0-beta6 | 1.7.0-beta6.x |
| getgrav / grav_cms | 1.7.0-beta7 | 1.7.0-beta7.x |
| getgrav / grav_cms | 1.7.0-rc20 | 1.7.0-rc20.x |
| getgrav / grav_cms | - | 1.7.0 |