Description
Invicti has detected that the web application is based on Grav CMS. The Grav Admin Plugin has a vulnerability that allows an unauthenticated user to execute some methods of the administrator controller without any credentials. An attacker can use it to achieve remote code execution (RCE) on the server.
Remediation
Upgrade to the latest version of Grav CMS.