CVE-2026-55885 in Grav정보

요약

\~에 의해 MITRE • 2026. 07. 10.

Grav is a file-based Web platform. Prior to 1.7.53, an authenticated administrator with backup permissions can download a ZIP archive containing the full Grav installation root, including user/accounts/admin.yaml with the administrator password hash and user/config with site configuration, through the backup download endpoint protected only by the session-static admin-nonce URL parameter. This issue is reported as fixed in version 1.7.53.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

GitHub M

예약하다

2026. 06. 17.

모더레이션

수락

항목

VDB-377546

EPSS

0.00000

출처

Want to stay up to date on a daily basis?

Enable the mail alert feature now!