GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2) | Advisories

Advisories

GravCMS 1.10.7 - Arbitrary YAML Write/Update (Unauthenticated) (2)

severity: critical
date: January 15, 2026
Affecting: GravCMS 1.10.7
CVE: CVE-2021-47812
CWE: CWE-862 Missing Authorization
CVSS: 9.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References: ExploitDB-49973
Official Grav CMS Homepage
Credit: legend
Description: GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with system command execution.