PT-2020-12666 · Grav · Grav

Rotzbua · Published 2020-04-04 · Updated 2022-01-07 · CVE-2020-11529

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Grav versions prior to 1.7
Grav versions 1.6.x (except 1.6.23 and later)

Description

The issue is related to an Open Redirect in the Common/Grav.php file. This problem is partially fixed in version 1.6.23 but still exists in other 1.6.x versions.

Recommendations

For Grav versions prior to 1.6.23, update to version 1.6.23 or later to partially mitigate the issue.
For Grav versions 1.6.x (except 1.6.23 and later), consider disabling the vulnerable Common/Grav.php file until a patch is available.
For Grav versions prior to 1.7, update to version 1.7 or later to fully resolve the issue.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2020-11529
GHSA-WRXC-MR2W-CJPV

Affected Products

Grav