In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade getgrav/grav to version 1.7.53 or higher.
getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS.
Affected versions of this package are vulnerable to Insufficiently Protected Credentials in the backup process. An attacker can obtain sensitive account credentials and configuration secrets by leveraging access to a valid admin-nonce value, which can be acquired through methods such as Referrer leakage, browser history, or XSS. This enables exfiltration of password hashes for offline cracking and potential account takeover. The download endpoint also reveals the server's full filesystem path in a Base64-encoded query parameter, increasing the risk of further attacks.