ГлавнаяУязвимости → CVE-2025-66844
9.1критическая

CVE-2025-66844

Описание

In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates when page content is processed by Twig and the configuration allows undefined PHP functions to be registered

Затрагиваемое ПО
Getgrav Grav
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/Yohane-Mashiro/grav_cve/issues/2