CVE-2023-37897

Name of the Vulnerable Software and Affected Versions Grav versions 1.7.42 through 1.7.42.1

Description Grav is a file-based Web-platform built in PHP. It is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using |map, |filter and |reduce twigs introduces bypass of the denylist due to incorrect return value from isDangerousFunction(), which allows to execute the payload prepending double backslash (``). This vulnerability can be exploited if the attacker has access to an Administrator account, or a non-administrator user account that has Admin panel access and Create/Update page permissions.

Recommendations For Grav versions 1.7.42 through 1.7.42.1, upgrade to release version 1.7.42.2 to fix the vulnerability. As a temporary workaround, consider restricting access to the Admin panel and Create/Update page permissions to minimize the risk of exploitation. Avoid using the |map function with untrusted input until the issue is resolved.