CVE-2025-66295
🔴 HIGHGrav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequenc...
Description
Request Expert ReviewGrav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a username containing path traversal sequences (for example ..\Nijat or ../Nijat), Grav writes the account YAML file to an unintended path outside user/accounts/. The written YAML can contain account fields such as email, fullname, twofa_secret, and hashed_password. This vulnerability is fixed in 1.8.0-beta.27.
Affected Products (27)
CVSS Scores
References
Additional Information
- Source
- security-advisories@github.com
- State
- Analyzed
Related CVEs
CVE-2025-8405
HIGHGitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that...
CVE-2025-4097
MEDIUMGitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could...
CVE-2025-11984
MEDIUMGitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could h...
CVE-2025-11247
MEDIUMGitLab has remediated an issue in GitLab EE affecting all versions from 13.2 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have...
CVE-2025-9436
MEDIUMThe Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `trustindex` shortcode in all versio...
CVE-2025-14157
MEDIUMGitLab has remediated an issue in GitLab CE/EE affecting all versions from 6.3 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could ha...
Share CVE-2025-66295
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-66295 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!