CVE-2023-34448— Grav Server-side Template Injection (SSTI) via Twig Default Filters
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-34448
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Source: NVD (National Vulnerability Database)
Vulnerability Description
Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions exposed by Twig's Core Extension that could be used to invoke arbitrary unsafe functions, thereby allowing for remote code execution. A patch in version 1.74.2 overrides the built-in Twig `map()` and `reduce()` filter functions in `system/src/Grav/Common/Twig/Extension/GravExtension.php` to validate the argument passed to the filter in `$arrow`.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Grav 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。 Grav 1.7.42之前版本存在安全漏洞,该漏洞源于存在服务器端模板注入 (SSTI)漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-34448
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-34448
请登录查看更多情报信息。
- https://huntr.dev/bounties/3ef640e6-9e25-4ecb-8ec1-64311d63fe66/x_refsource_MISC
- https://github.com/getgrav/grav/security/advisories/GHSA-whr7-m3f8-mpm8x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2023-34448
Same Patch Batch · getgrav · 2023-06-14 · 5 CVEs total
| CVE-2023-34251 | 10.0 CRITICAL | Grav Server Side Template Injection vulnerability |
| CVE-2023-34253 | 8.8 HIGH | Grav vulnerable to Server-side Template Injection (SSTI) via Denylist Bypass |
| CVE-2023-34252 | 8.8 HIGH | Grav Server-side Template Injection via Insufficient Validation in filterFilter |
| CVE-2023-34452 | 5.4 MEDIUM | Grav vulnerable to Self Cross Site Scripting in /forgot_password |
IV. Related Vulnerabilities
Same product: grav
- CVE-2025-66312
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S - CVE-2025-66311
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66310
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66309
Grav vulnerable to Cross-Site Scripting (XSS) Reflected endp - CVE-2025-66308
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S
Same vendor: getgrav
- CVE-2020-36955
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persisten - CVE-2021-47812
GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticate - CVE-2025-66312
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) S - CVE-2025-66311
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin - CVE-2025-66310
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoin
Same weakness: CWE-20
V. Comments for CVE-2023-34448
No comments yet