What is CVE-2020-29553?

CVE-2020-29553 is a vulnerability in the scheduler of Grav CMS through 1.7.0-rc.17 that allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).

How severe is CVE-2020-29553?

CVE-2020-29553 has a severity score of 8.8 (high).

What software is affected by CVE-2020-29553?

Grav CMS versions 1.6.31 and 1.7.0-beta1 to 1.7.0-rc17 are affected by CVE-2020-29553.

How can the CVE-2020-29553 vulnerability be fixed?

To fix the CVE-2020-29553 vulnerability, users should update Grav CMS to version 1.7.1 or later.

Where can I find more information about CVE-2020-29553?

You can find more information about CVE-2020-29553 at this reference: https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/

Vulnerability/
CVE-2020-29553

high

8.8

CWE

352

15/3/2021

24/5/2022

4/8/2024

CVE-2020-29553: CSRF

First published: Mon Mar 15 2021(Updated: )

The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
composer/getgrav/grav	<1.6.30	1.6.30
composer/getgrav/grav	>=1.7.0-beta.1<=1.7.0-rc.17
Getgrav	<=1.6.31
Getgrav	=1.7.0-beta1
Getgrav	=1.7.0-beta10
Getgrav	=1.7.0-beta2
Getgrav	=1.7.0-beta3
Getgrav	=1.7.0-beta4
Getgrav	=1.7.0-beta5
Getgrav	=1.7.0-beta6
Getgrav	=1.7.0-beta7
Getgrav	=1.7.0-beta8
Getgrav	=1.7.0-beta9
Getgrav	=1.7.0-rc1
Getgrav	=1.7.0-rc10
Getgrav	=1.7.0-rc11
Getgrav	=1.7.0-rc12
Getgrav	=1.7.0-rc13
Getgrav	=1.7.0-rc14
Getgrav	=1.7.0-rc15
Getgrav	=1.7.0-rc16
Getgrav	=1.7.0-rc17
Getgrav	=1.7.0-rc2
Getgrav	=1.7.0-rc3
Getgrav	=1.7.0-rc4
Getgrav	=1.7.0-rc5
Getgrav	=1.7.0-rc6
Getgrav	=1.7.0-rc7
Getgrav	=1.7.0-rc8
Getgrav	=1.7.0-rc9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-29553?
CVE-2020-29553 is a vulnerability in the scheduler of Grav CMS through 1.7.0-rc.17 that allows an attacker to execute a system command by tricking an admin into visiting a malicious website (CSRF).
How severe is CVE-2020-29553?
CVE-2020-29553 has a severity score of 8.8 (high).
What software is affected by CVE-2020-29553?
Grav CMS versions 1.6.31 and 1.7.0-beta1 to 1.7.0-rc17 are affected by CVE-2020-29553.
How can the CVE-2020-29553 vulnerability be fixed?
To fix the CVE-2020-29553 vulnerability, users should update Grav CMS to version 1.7.1 or later.
Where can I find more information about CVE-2020-29553?
You can find more information about CVE-2020-29553 at this reference: https://blog.bssi.fr/cve-2020-29553-cve-2020-29555-cve-2020-29556-multiple-vulnerabilities-within-cms-grav/

agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-fqff-vcvx-68h3
alias/CVE-2020-29553
agent/software-canonical-lookup
agent/weakness
agent/references
agent/severity
agent/softwarecombine
agent/description
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/composer
vendor/getgrav
canonical/getgrav
version/getgrav/1.6.31
version/getgrav/1.7.0-beta1
version/getgrav/1.7.0-beta10
version/getgrav/1.7.0-beta2
version/getgrav/1.7.0-beta3
version/getgrav/1.7.0-beta4
version/getgrav/1.7.0-beta5
version/getgrav/1.7.0-beta6
version/getgrav/1.7.0-beta7
version/getgrav/1.7.0-beta8
version/getgrav/1.7.0-beta9
version/getgrav/1.7.0-rc1
version/getgrav/1.7.0-rc10
version/getgrav/1.7.0-rc11
version/getgrav/1.7.0-rc12
version/getgrav/1.7.0-rc13
version/getgrav/1.7.0-rc14
version/getgrav/1.7.0-rc15
version/getgrav/1.7.0-rc16
version/getgrav/1.7.0-rc17
version/getgrav/1.7.0-rc2
version/getgrav/1.7.0-rc3
version/getgrav/1.7.0-rc4
version/getgrav/1.7.0-rc5
version/getgrav/1.7.0-rc6
version/getgrav/1.7.0-rc7
version/getgrav/1.7.0-rc8
version/getgrav/1.7.0-rc9