
Description

GravCMS 1.10.7 contains a missing-authorization vulnerability in the admin scheduler endpoint that allows a remote, unauthenticated attacker to write arbitrary YAML into the scheduler configuration and, through it, execute PHP code. By supplying the admin-nonce parameter together with a base64-encoded payload, the attacker can create malicious custom scheduler jobs that run system commands on the server.
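Two checks a responder would want for this record: spotting POSTs to the scheduler endpoint in web logs, and auditing the scheduler configuration for custom jobs that decode a payload or spawn a shell (the pattern the description calls out). The block below is an added example, not code from the CVE record, from Grav or from the ExploitDB entry. It assumes the scheduler endpoint is the Grav Admin route /admin/config/scheduler, that jobs are stored in user/config/scheduler.yaml under custom_jobs with command and args keys, and that logs are in combined log format; the log lines and YAML are constructed samples.

```python
"""Added detection helpers for CVE-2021-47812 (GravCMS 1.10.7 scheduler write).
Not code from the CVE record or from Grav. Assumptions: scheduler endpoint is
/admin/config/scheduler; jobs live in scheduler.yaml under 'custom_jobs' with
'command' and 'args' keys; logs are Apache/nginx combined log format."""
import re

# Combined-log-format line: client, timestamp, request line, status, size, referer, UA
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCHEDULER_ENDPOINT = '/admin/config/scheduler'  # assumed admin route

# Indicators of a job that decodes/drops code or spawns a shell instead of a
# normal maintenance task. Tune for your environment.
SUSPICIOUS_JOB_RE = re.compile(
    r'base64\s+(-d|--decode)'        # decode-and-write pattern from the description
    r'|\b(sh|bash|dash|zsh)\b\s+-c'  # inline shell
    r'|\bphp\b\s+-r'                 # inline PHP
    r'|\b(curl|wget)\b'              # remote fetch
    r'|>\s*\S+\.php\b'               # redirect into a .php file
    r'|/dev/tcp/|\b(nc|ncat)\b',     # reverse/bind shell helpers
    re.IGNORECASE,
)


def find_scheduler_posts(log_lines):
    """Return (ip, timestamp, path, status) for every POST to the scheduler endpoint.
    On a 1.10.7 instance every such POST deserves review: the endpoint did not
    require an authenticated admin session."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        if m['method'] == 'POST' and m['path'].split('?', 1)[0] == SCHEDULER_ENDPOINT:
            hits.append((m['ip'], m['ts'], m['path'], int(m['status'])))
    return hits


def parse_custom_jobs(yaml_text):
    """Minimal line-based reader for the 'custom_jobs' block of scheduler.yaml
    (job name at 2 spaces, key: value at 4+ spaces). Not a general YAML parser."""
    jobs, in_block, current = {}, False, None
    for raw in yaml_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        indent = len(raw) - len(raw.lstrip(' '))
        line = raw.strip()
        if indent == 0:
            in_block, current = (line == 'custom_jobs:'), None
            continue
        if not in_block:
            continue
        if indent == 2 and line.endswith(':'):
            current = line[:-1]
            jobs[current] = {}
        elif indent >= 4 and current is not None and ':' in line:
            key, _, value = line.partition(':')
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in '\'"':
                value = value[1:-1]  # strip YAML quoting
            jobs[current][key.strip()] = value
    return jobs


def suspicious_jobs(yaml_text):
    """Return (job_name, command_line) for jobs matching SUSPICIOUS_JOB_RE."""
    findings = []
    for name, fields in parse_custom_jobs(yaml_text).items():
        cmdline = ' '.join(fields.get(k, '') for k in ('command', 'args')).strip()
        if SUSPICIOUS_JOB_RE.search(cmdline):
            findings.append((name, cmdline))
    return findings


# Constructed sample data (not real logs or a real site config).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Jan/2026:10:02:11 +0000] "GET /admin HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [15/Jan/2026:10:02:12 +0000] "POST /admin/config/scheduler HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '198.51.100.4 - - [15/Jan/2026:10:05:40 +0000] "GET /blog HTTP/1.1" 200 8210 "-" "Mozilla/5.0"',
]

SAMPLE_YAML = """\
status:
  backups-purge: enabled
custom_jobs:
  nightly-clean:
    command: rm
    args: '-rf /var/www/grav/cache/*'
    at: '0 3 * * *'
  4f2a9c:
    command: /bin/sh
    args: '-c "echo aGVsbG8= | base64 -d > /var/www/grav/user/pages/x.php"'
    at: '* * * * *'
    output: /tmp/o
    output_mode: append
"""
```

Run `find_scheduler_posts` over the admin vhost's access log and `suspicious_jobs` over the live scheduler.yaml; a job name that looks auto-generated with a decode-and-redirect command line, paired with a POST to the endpoint from a scripted client, is the combination to escalate. The YAML reader is deliberately narrow so the check has no dependency beyond the standard library; swap in PyYAML if the file uses anything beyond the flat layout shown.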

Status: PUBLISHED | Reserved: 2026-01-14 | Published: 2026-01-15 | Updated: 2026-02-02 | Assigner: VulnCheck

CRITICAL: 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CRITICAL: 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-862 Missing Authorization

Product status

1.10.7: affected

Credits

legend finder

References

www.exploit-db.com/exploits/49973 (ExploitDB-49973) exploit

getgrav.org (Official Grav CMS Homepage) product

www.vulncheck.com/...itrary-yaml-writeupdate-unauthenticated (VulnCheck Advisory: GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)) third-party-advisory

cve.org (CVE-2021-47812)

nvd.nist.gov (CVE-2021-47812)
