Grav CMS 1.7.44 Server-Side Template Injection

Ruby-SAML / GitLab Authentication Bypass

iTunes For Windows 12.13.2.3 Local Privilege Escalation

ABB Cylon Aspect 3.08.00 syslogSwitch.php Remote Code Execution

ABB Cylon Aspect 3.08.01 caldavUtil.php Remote Code Execution

GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.

Headline

Grav CMS 1.7.44 Server-Side Template Injection

Packet Storm: Latest News